The government is allocating millions of euros in the coming years to improve the digital resilience of our country. The government has also set aside millions for tackling cybercrime and strengthening vital infrastructure. From the General Intelligence and Security Service (AIVD) to the Public Prosecutor's Office (OM), everyone is getting money.
This is evident from the figures presented by the cabinet on Tuesday on Budget Day. The Budget Memorandum (1) contains all the plans and accompanying budgets of the ministries. VPNGids.nl studied the budget documents of the Ministry of Justice and Security, Interior and Kingdom Relations, and Economic Affairs and Climate.
Cybercrime today makes almost as many victims as traditional crime, writes Minister Dilan Yeşilgöz-Zegerius of Justice and Security (JenV) in the budget plans. Therefore, the Public Prosecutor' s Office is going to invest in tackling cybercrime and investigative capacity in the digital domain. To realize this, the Public Prosecutor's Office will receive an additional 12 million euros structurally. That money will be used to "bring the knowledge and capacity for tackling cybercrime up to standard."
Furthermore, the Ministry of JenV said that the Dutch Cybersecurity Strategy (NLCS)-which aims to make Dutch society more digitally resilient-will continue to be implemented in 2023. The National Coordinator for Counterterrorism and Security (NCTV) will take charge of its coordination. The budget for the NCTV for 2023 is estimated at €54.9 million.
The National Cyber Security Center (NCSC) is getting an additional 16 million euros this year. Next year the NCSC will have over 23 million euros to spend. In the coming years that amount will increase to 42 million euros.
The Personal Data Authority is also getting a lot of extra funding. The budget for this year is just over 29 million euros. Next year, the regulator will have nearly 34.5 million euros at its disposal. Between 2024 and 2027, the amount increases in steps from 37.8 million euros to 41.4 million euros.
The privacy watchdog has been asking for extra budget for years. Initially, former Minister for Legal Protection Sander Dekker wanted nothing to do with it. Late last year, just before the fourth Rutte government took office, the government announced that the Personal Data Authority would receive an additional 8 million euros (2) structurally from 2025 to carry out its tasks.
An algorithm regulator will appear in the near future (3). It will be hosted by the Personal Data Authority. In a few weeks, State Secretary for Digitalization Alexandra van Huffelen will announce more about the yet-to-be-announced watchdog.
"Due to technological developments, espionage by state actors has greatly increased and thus poses a greater threat to Dutch interests," the Ministry of the Interior and Kingdom Relations (BZK) writes in its budget documents. The "Temporary Act Investigating AIVD and MIVD on Countries with Offensive Cyber Program," or the Temporary Act for short, is intended to give the security services more freedom to use their powers.
Now the services must ask for prior permission before using their powers. Afterwards, another check takes place to see if it was all done lawfully. The Temporary Act says that it is no longer necessary to ask for permission in advance. A "non-binding indication" will then already be sufficient to be allowed, for example, to tap the Internet cable for a year.
Dissatisfied with this forthcoming legislation, Bert Hubert submitted his resignation (4) to the Deployment Powers Review Board (TIB). In various media, the software developer explained his decision. Speaking to BNR, he said he hopes there will be a "robust discussion" (5) in the Lower House about the Temporary Act. In the fall, Minister Hanke Bruins Slot of the Interior and Kingdom Relations will send the bill to the House of Representatives.
To strengthen our country's digital resilience, the ministry wants to increase the clout of the AIVD and MIVD. For that reason, next year the AIVD will focus on a "combined approach to detecting digital attacks and advising governments and vital companies on increasing digital resilience." The service is also committed to obtaining better intelligence to strengthen national security, ensure economic security and better protect critical infrastructure.
To achieve these goals, the government is investing in the security services. The budget of the AIVD rises to 86.5 million euros in 2027. The MIVD's budget increases from 17.2 million euros to 35.8 million euros in 2023. In 2024, the budget of the MIVD will reach 71.7 million euros.
"Cybersecurity is an essential prerequisite for the Dutch digital economy and society (...) This means that the supply of ICT products and services must become more secure, cybersecurity knowledge development and innovation must be stimulated, and consumers and businesses must become more aware of digital threats and risks and become more resilient to them," reads the budget of the Ministry of Economic Affairs and Climate Change (EZK). Investing in knowledge development and innovation around cybersecurity are two important spearheads of the cabinet.
"Consumer protection and strengthening the cyber resilience of business are important for digital security," the documents go on to say. Therefore, according to the government, it is important to make the supply of ICT products and services more secure. To achieve that goal, the European Commission introduced the Cyber Resilience Act earlier this month (6).
The bill states that manufacturers must provide a minimum of five years of support for their products unless the lifespan of their devices is shorter. It also states that consumers have the right to be properly informed about the security of the devices they buy. Finally, it sets up rules to hand out fines to companies that do not follow these rules.
Next year, the department is also pushing for the implementation of the European Network and Information Security Directive (NIB2) (7). This states, among other things, that companies must take "appropriate cyber measures" and that there will be a duty to report serious cyber incidents. In this way, the government wants to protect the "Dutch vital interests." A sum of 3.54 million euros has been set aside for this purpose in 2023. In 2024, the Cabinet will allocate 6.05 million euros for this purpose, in 2025 and 2026 5.05 million euros. From 2027, 6.07 million euros will be structurally available for the implementation of the NIB2 directive.
It was agreed in the coalition agreement that the Ministry of Economic Affairs will receive an additional 6.6 million euros in 2023 to deploy in the field of cybersecurity. From 2027 this amount rises to 16.1 million euros, structurally. Among other things, the department wants to invest this money in the services of the Digital Trust Center (DTC) and the expansion of the National Coverage System ( 8). The latter is an initiative initiated by former Minister of Justice and Security Ferd Grapperhaus to facilitate the exchange of information about digital threats between the central government, commercial parties and companies working in the vital sector
Agency Telecom, which among other things monitors the security of the telecom network, has a budget of 37.3 million euros this year. In 2023, it rises to 41.4 million euros. However, this increase is one-time and temporary in nature. In 2027, the organization will have to get by on 39.5 million euros.
Finally, EZK's budget documents state that the NCSC, DTC and the Cyber Security Incident Response Team for Digital Service Providers (CSIRT-DSP) will expand starting next year. The goal is to create a single national cybersecurity center by 2026 (9). In this way, the government wants to combat fragmentation in the cybersecurity landscape. "That is why there will soon be one organization, under the umbrella of the NCSC, to work on this. In this way we will combine forces in the field of knowledge, information sharing and expertise when things do go wrong," said Minister Yeşilgöz-Zegerius.
https://www.rijksoverheid.nl/onderwerpen/prinsjesdag/miljoenennota-en-andere-officiele-stukken
https://www.vpngids.nl/nieuws/autoriteit-persoonsgegevens-krijgt-structurele-budgetverhoging/
https://www.vpngids.nl/nieuws/kabinet-presenteert-in-juni-plan-voor-algoritmetoezichthouder/
https://www.vpngids.nl/nieuws/tib-medewerker-stapt-op-uit-onvrede-over-tijdelijke-wet/
https://www.vpngids.nl/nieuws/oud-toezichthouder-wil-stevige-discussie-over-tijdelijke-wet/
https://www.vpngids.nl/nieuws/europese-commissie-wil-iot-apparaten-met-slechte-beveiliging-weren/
https://www.vpngids.nl/nieuws/eu-breidt-meldplicht-cyberincidenten-uit-naar-meer-sectoren/
https://www.vpngids.nl/nieuws/csr-pleit-voor-versneld-delen-van-informatie-over-beveiligingsincidenten/
https://www.vpngids.nl/nieuws/kabinet-werkt-aan-een-nationaal-cybersecuritycentrum/
