At NCC Group, we pay close attention to how governments address the cyber resilience challenges facing our societies. In recent weeks, for example, we’ve looked at the UK’s National Cyber Strategy as well as the US’s zero trust ambitions, and are now turning our attention to Continental Europe, outlining how only true collaboration between public and private sectors will support the Dutch government’s focus on threats and opportunities in the digital domain…
Every year, the Dutch counter-terrorism unit NCTV publishes its CSBN report – an assessment of cyber threats to national security in the Netherlands, from espionage to ransomware.
After years of warning, the NCTV’s insights have finally reached the Dutch government, too. With the arrival of Alexandra van Huffelen as the first State Secretary for Digitization, the Dutch government has sent a clear signal of its ambition fully to focus on the threats and opportunities in the digital domain. So far so good!
From fragmentation …
But if we look a little further, the new State Secretary for Digitization is yet another 'responsible person' in the digital domain, in addition to the Minister of Justice and Security who deals with cyber security, the Minister of the Interior and Kingdom Relations with the AIVD, the Minister of Defense who covers the role of the armed forces in the cyber domain and the State Secretary of Economic Affairs and Climate Policy who looks after SMEs and digitization. This certainly doesn't look like a coordinated approach to digitization!
In addition to the fragmentation of responsibilities, we also see a lack of standardization, certification, transparency, and information sharing. To find evidence of this, look no further than the many Cyber Security Council’s reports, the Dutch Safety Board’s advice in response to the Citrix investigation, the Digital Affairs Committee’s political debates, and cyber security companies’ contributions to discussions.
Yes, it’s great to have so many organisations involved but what’s really needed to make the Netherlands digitally secure is continuous collaboration.
… to collaboration
When the potentially catastrophic impact of the log4j vulnerability became clear, countless cybersecurity companies and government organizations selflessly deployed free-of-charge tools, information, knowledge and in some cases even capacity. As the Dutch NCSC’s statement that it has observed little abuse of the vulnerability in the Netherlands shows, this coming together in a crisis meant that we were able to prevent a digital disaster. Another great example are the country’s large banks which have explicitly stated that maintaining a high level of confidence in our payment systems is a cherished public good that means they will collaborate, not compete, on issues of cyber security.
We must build on this and ensure that the partnership between public and private sectors that is feasible during a crisis becomes the norm in our day-to-day lives as we work together to make the Netherlands digitally secure.
That means that the Dutch government should embrace public-private partnership working and create the right structures to facilitate this. Government organisations and cyber security companies should be able to openly discuss the cyber security challenges, threats and risks of today and tomorrow, and take shared responsibility for tackling and solving those challenges, and improving the status quo. To do this successfully, all those involved need to work together to find the best solution, sharing information willingly and letting go of the direct competition that usually rules their relationships. These collaborative structures also need to be supported by a different kind of public procurement that supports flexibility and trust.
And in the end, we all benefit, because working together for a digitally secure Netherlands also means a more effective use of taxpayers’ money, reduced dependencies on specific suppliers and progress towards digital sovereignty.
The original post, in Dutch, by Willemijn Rodenburg can be found on her LinkedIn profile