The National Cyber Security Center (NCSC), the Digital Trust Center (DTC) and the Cyber Security Incident Response Team for Digital Service Providers (CSIRT-DSP) are going to work even more closely together on cybersecurity. The agencies are combining their knowledge and expertise in one central expertise center. In this way, they want to improve services in major incidents and increase the digital resilience of the Netherlands.
The organizations report this in a joint press release (1). Minister of Justice and Security Dilan Yeşilgöz-Zegerius and Minister of Economic Affairs and Climate Micky Adriaansens informed the House of Representatives about this today with a letter (2).
Our country has several organizations and agencies working on cybersecurity and cyber resilience. And all of them work with their own target audience. For example, the NCSC works primarily with banks, utility providers, telecom providers and the Rijksoverheid. The DTC focuses on the business community, and the CSIRT-DSP deals with digital service providers.
This target segmentation is due to the Network and Information Systems Security Act (Wbni). This law stipulates that organizations such as the NCSC and the DTC may only share threat information with parties that are part of the vital sector or critical infrastructure, such as telecom providers, energy companies or financial institutions. Bodies such as supermarkets fall outside the scope of the Wbni.
To get around this obstacle, the Cabinet passed the Temporary Act in January (3). Although the law has not yet taken effect, agencies such as the NCSC are already allowed to share relevant threat and incident information (4) with non-vital companies and organizations.
To promote cooperation between the various agencies, there will be one central center of expertise and information hub. The knowledge and expertise present at the NCSC, DTC and CSIRT-DSP will be combined. This will make it clearer for the business community who to turn to if they are targeted by hackers or cybercriminals.
Minister Dilan Yeşilgöz-Zegerius says the cooperation is badly needed. "We are increasingly living our lives online and criminals have caught on to that. In addition, the current situation in the world, with a war on Europe's eastern flank, also makes this more topical than ever: our digital resilience to ward off cyber attacks must rise."
The Minister of Justice and Security continued. "It is therefore important that we combat fragmentation in tackling this between organizations. That's why there will soon be one organization, under the umbrella of the NCSC, to work on this. In this way we combine forces in terms of knowledge, information sharing and expertise when things do go wrong."
Minister Adriaansens concurs. "We all notice how important digital resilience is. For example, if the Internet fails due to a cyber-attack, therefore stores are empty or even industrial production fails. There are digital devices and systems everywhere. That offers opportunities for our businesses and convenience for consumers, but with that, our digital resilience must also improve."
The minister stressed that the Rijksoverheid has a responsibility to boost our country's cyber resilience. "With knowledge sharing, modern legislation and expertise in large-scale incidents. Therefore, it is good that we create clarity with one organization and contribute to our digital strength," Minister Adriaansens said.
The goal of the information hub is to better assist companies when they are hit by a cyberattack, improve the digital resilience of the Netherlands and achieve efficiency gains in cybersecurity.
However, it will still take several years for the national center of expertise to be established: not until 2026 at the earliest. For example, the NCSC and CSIRT-DSP will merge in 2024. Two years later, in 2026, it will be the turn of the NCSC and the DTC. "This creates an information hub and expertise center where cybersecurity knowledge and expertise is concentrated within the Rijksoverheid ," they said.
They promise that in the meantime, the cabinet is taking steps to make Dutch society more digitally resilient.
https://www.ncsc.nl/actueel/nieuws/2022/september/7/nationale-cybersecurity-organisaties-gaan-krachten-bundelen
https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2022Z16336&did=2022D34356
https://www.vpngids.nl/nieuws/aivd-nederland-stond-vorig-jaar-continu-bloot-aan-cyberaanvallen/
https://www.vpngids.nl/nieuws/overheid-gaat-ook-niet-vitale-bedrijven-dreigingsinformatie-verstrekken/
