News item | 6/26/2023 | 2:30 pm
The resilience against cybercrime, digital espionage or sabotage via digital means starts with individual organizations. Due to increased and increasingly complex cyber threats from the Netherlands and abroad, private or public organizations and companies must also receive appropriate support from the government. That is why the government has decided to merge the existing cybersecurity national government organizations into one central, visible and effective national cybersecurity organisation. This organization includes the National Cyber Security Center (NCSC) of the Ministry of Justice and Security (JenV) and the Digital Trust Center (DTC) and the Computer Security Incident Response Team for digital service providers (CSIRT-DSP), both of the Ministry of Economic Affairs and Climate Policy (EZK).
Minister Yesilgoz-Zegerius (JenV):
“Cybercriminals and hostile states are becoming smarter and more effective in digitally stealing money and information or sabotaging organizations and processes that are important to our society. That is why we must combine our knowledge and skills to ensure that we stay one step ahead of this malicious person. The renewed organization is based on the strong characteristics of the current organizations. This enables the new organization to provide all organizations in the Netherlands, large or small, public or private, vital or non-vital, with appropriate information and knowledge and to offer assistance in the event of incidents. I am therefore pleased that the organizations are already working together as much as possible so that we can already better defend ourselves against cyber attacks.”
Minister Adriaansens (EZK):
“The importance of digital resilience for our society and economy is increasing. For example, if the internet does not work due to a cyber attack, the shops are empty or even industrial production fails. Digital devices and systems provide economic opportunities and consumer convenience, but also make us vulnerable. We are therefore increasing the legal cyber requirements for devices and services themselves. But also invest in knowledge sharing and expertise in the event of large-scale incidents. This works best with a single government desk where organizations and companies can receive support.”
Recognizable counter
After the integration, all organizations in the Netherlands can turn to a single, recognizable counter for cybersecurity advice and assistance with digital incidents, and the new cybersecurity organization can respond quickly and adequately to information about threats and incidents at national and sectoral level. The first important steps have been taken. The organizations already work together as much as possible. For example, by jointly organizing the warning of victims and targets of a cyber attack and providing action perspectives to all organizations in the Netherlands so that they can better defend themselves against attackers.
The Minister of Justice and Security will become the owner of the renewed organisation. The Ministry of JenV and EZK jointly fulfill the role of client.
The transition will take place in two phases so that as much account as possible is taken of upcoming legislation and current processes from the Dutch Cyber Security Strategy (NLCS).
In the first phase until October 1, 2024, the organizations are already working together as much as possible. For example, by warning about concrete cyber threats and vulnerabilities and by jointly providing action perspectives to all organizations in the Netherlands so that they can better defend themselves against attackers.
In the second phase until January 1, 2026, tasks and processes will be integrated and optimized. It must also in any case be possible to implement the Security and Information Systems Act (Wbni), including the European Network and Information Security (NIS2) directive, sectoral legislation within which CSIRT tasks are performed and the Business Digital Resilience Act (Wbdwb). currently in the House of Representatives. After the first phase, the current organizations no longer follow an independent course and only exist in a formal sense in their current form.