The third Dutch national cybersecurity strategy, Cyber Security Agenda - A Cyber Secure Netherlands, was implemented in 2018, following on from the first strategy in 2011 and the second in 2014.
The overarching objective of the new strategy is ensuring the Netherlands plays a leadership role in cyberseurity with knowledge development at the forefront.
The strategy came into force through a coalition agreement and €95 million structural funds with resources allocated for improving staff capacity and expanding IT facilities with the involvement of mutliple government departments: Justice and Security (NCTV), Defence (MIVD), Interior and Kingdom (AIVD), Foreign Affairs, Infrastructure and Environment, Economic Affairs. NCTV, the Minstery of Education, Culture and Science, and the Netherlands Organisation for Scientific Research are tasked with overseeing cybersecurity education through Dcypher (Dutch cybersecurity platform higher education and research), which is now part of the Dutch Security Cluster.
Overall, the strategy covers the following strategic goals in the ENISA classification: Cybercrime, Critical Information Infrastructure Protection, international cooperation, public-private partnership, incident response capability, baseline security requirements, training and educational programmes.
EDUCATION AND TRAINING IN NATIONAL CYBER SECURITY STRATEGY
|Knowledge Development: Measures||
The 2018 Cyber Security Agenda stresses the urgent need to maintain and deepen high-quality cybersecurity knowledge development of both fundamental and applied cybersecurity research as crucual for implementing measures to avoid existing and new digital threats from increased digitisation. In this respect, the Agenda calls for standards for IoT devices, software liability measures and the strengthening of the National Cyber Security Centre (English).
The key target for boosting national expertise in cybersecurity spans:
|Education and Research||
Higher education: NCTV, the Minstery of Education, Culture and Science, and the NWO are tasked with tracking higher education in the Netherlands, comparing degree programmes and assessing the skills of recent graduates entering the labour market. The National Cyber Security Agenda calls upon these policymakers to analyse the differences between the curricula (supply) and requirements for well-trained personnel (demand). It also highlights the need to pay greater attention to ensuring there is sufficient teaching capacity in all relevant disciplines.
Schoolchildren: Digital literacy for primary and secondary education is part of the national curriculum with an educational review becoming law in 2019. However, the risks facing young children in the digital world means that the educational sector needs to continuously renew and anticipate developments in an evolving landscape. Therefore the Agenda pushes forward such revisions through cooperation between teachers, pupils, parents, educational institutions and the professional field.
The Dutch Agenda for Cyber Security implements three measures with the overarching goal of ensuring that the Netherlands conducts high-quality cybersecurity research, building on its long-term knowledge development programme with the involvement of the academic community while making sure there are enough academics available to acquire an independent knowledge position in cybersecurity. A complementary goal is ensuring that citizens and businesses understand the importance of tackling cyber threats and building resilience to cybercrime.
The three measures are:
The Dutch National Cyber Security Centre has published a Research Agenda 2019-2022 with a focus on crisis management, risk management, strategic and social aspects of cybersecurity and new technologies with the aim of implementing related measures in the national cybersecurity strategy.
NCSRA-II implements the objective on ensuring there is sufficient cybersecurity knowledge and expertise alongside a boost to investments in IT innovations.
NCSRA-III (2018) is focused on the research callenges in cybersecurity and privacy based on five pillars: Design, Defence, Attacks, Governance and Privacy.
|Higher Education Courses on Cybersecurity||
Study findings have made the catch-up of current generations a key prirority (National Cybersecurity Awareness Study 2017; National Cybersecurity Awareness Study 2019; in Dutch). This research reveals that citizens and businesses are not sufficiently aware of the dangers of the digital world, calling for measures to safguard them from the inherent risks.
The business community and the government have already invested heavily in the awareness of citizens and small businesses on cyber threats through several campaigns such as:
Alert online (Dutch).
However, greater public-private cooperation can further boost these efforts by prioritising more cohesion into communications campaigns in the public domain. This also applies to the efforts of employers to make staff more digitally skilled and keep them up to date on cyber risks. Such approaches should be underpinned by digital guides on basic security measures for both businesses and citizens as a starting point for a stronger security posture and as a lever for further measures to be put in place.
A key target of the Dutch 2018 cybersecurity strategy is having an integrated and strong public-private approach to cybersecurity with the NCTV taking the lead in promoting and ensuring the improvement of cybsecurity through a concerted effort by public authorities, the business community, science and civil society. Close public-private cooperation is the key to successfully designing, developing and assessing the approach taken, closely following the evolving threat landscape and linking effective market initiatives to the wider picture of the national strategy, such as including cybersecurity into the Corporate Governance Code, thereby making it subject to audit and review.
The Agenda stipulates the following:
Specific objectives are aimed at ensuring:
The Dutch security cluster The Hague Security Delta is a network of businesses, governments and knowledge institutions, that work together on knowledge development and innovation in security. Their common goal is making the world more secure with more business activity and more jobs. The cluster is supported by the HSD Office with the goals of:
In June 2016, the HSD took the first steps in connecting to security regions in France, Denmark, Finland and Germany, where the aim is to also create cross-sector co-operation. The other cyber security clusters joining HDS are: France: Aix-en-Provence, SAFE Cluster | Denmark: Karup, CenSec | Finland: Tampere Region, Safety and Security Cluster | Germany: Karlsruhe, KIT | Germany: Munich, Security Cluster.
The ECP (Dutch) is a public-private platform for promoting the use of information and communications technology in the Netherlands.
The Netherlands has also signed a memorandum of understanding on cyber security with Luxembourg and Belgium, including co-operation and expertise-sharing on the development of public-private partnerships.
|EU Cyber Professional Register for national stakeholders||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cysersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
|Role of National Centre||
The National Cyber Security Centre (NCSC) is the central information hub and centre of expertise for cyber security in the Netherlands. NCSC's mission is to contribute to the enhancement of the resilience of Dutch society in the digital domain, and thus to create a secure, open and stable information society. On an international level the NCSC is the Dutch point of contact in the field of ICT threats and cyber security incidents. The NCSC is also a key figure in the operational coordination at a major ICT crisis and the Computer Emergency Response Team (CERT) for the Dutch central government.
The main activities of the NCSC are:
|Report a cyber incident to national CERT/CSIRT||
The NCSC NL has a National Cyber Security Operations Centre (NCSOC) which is available 24/7 as reporting centre. It detects new threats and vulnerabilities and provides its network of contacts with leads. By strengthening the NCSC, scaling up and realising a joint analysis and incident approach more quickly is possible in an emergency.
The NCSC supports the central government of the Netherlands and providers of vital processes (Dutch). These organisations wishing to report a cyber incident and similar problems can contact the NCSOC and CERT inside and outside office hours via firstname.lastname@example.org.
The Netherlands has a sophisticated and mature legal and policy framework for cyber security, which includes the National Cyber Security Strategy and renews its cyber security framework every two years.
The Netherlands National Cyber Security Centre works as an expanded CERT dealing with all cybersecurity related procedures and practices in a centralised manner. The centre also actively participates in the work of the Information Sharing and Analysis Centres (ISACs) for sectors involved with critical infrastructure.
|Languages||Dutch and English (most information is available in English)|
|Latest Update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.