The National Cyber Security Center (NCSC) is working hard to make the Netherlands ever more digitally secure. The NCSC informs and advises vital providers and parts of the national government with up-to-date threat and incident information about their network and information systems. Currently, the NCSC does not always have the legal basis to provide threat and incident information to organizations other than vital organizations and the central government. As a result, those other organizations do not know that their systems are vulnerable, while the NCSC has information about them. That is why a bill by Minister Yeşilgöz-Zegerius (Justice and Security) is being sent to the House of Representatives today, regulating that the NCSC can provide that information to these other organizations in more cases.
Yeşilgöz-Zegerius:
"Today we are taking another and important step to make the Netherlands more digitally secure. This is badly needed. Many organizations are now missing crucial information to protect themselves properly and timely against digital attacks. We are increasingly living our lives online and criminals have caught on to that. In addition, the current world situation also makes this bill more topical than ever: our digital resilience must increase. The sharing of information by the NCSC plays a crucial role in this."
The bill contains an amendment to the Network and Information Systems Security Act (Wbni). The Wbni regulates (among other things) the legal tasks of the NCSC in the field of cybersecurity. The primary task of the NCSC is to inform and advise vital providers and organizations within the national government about digital threats and incidents and to conduct analyses and technical research for this purpose. As a result, the NCSC also regularly has information about digital threats or incidents that is relevant to other providers. These include, for example, distributors of food products, political parties or container handling companies. However, that information currently cannot always be provided to those other providers or their switching organizations because the law does not yet provide the basis for this.
Therefore, Minister Yeşilgöz-Zegerius proposes to amend the Wbni so that this information can be shared. This will give the NCSC the basis to share threat and incident information more broadly with so-called OKTTs (organizations objectively tasked with informing organizations or the public about threats and incidents), which act as switching organizations of other providers. These linking organizations can then use this to provide organizations in their constituencies with that information and advice. In addition, the bill contains a basis for the NCSC to share threat or incident information with other providers itself in special cases. A special case exists if there is no linking organization (such as an OKTT) that can provide the provider with the information and the information concerns a threat or incident with significant consequences for the continuity of the provider's services.