News item | 21-04-2022 | 17:16
The National Cyber Security Center (NCSC) is working hard to make the Netherlands increasingly digitally safer. The NCSC informs and advises vital providers and parts of the national government with up-to-date threat and incident information about their network and information systems. At present, the NCSC does not always have the legal basis to provide threat and incident information to organizations other than vital organizations and the national government. As a result, the other organizations do not know that their systems are vulnerable, while the NCSC does have information about it. That is why a bill from Minister Yeşilgöz-Zegerius (Justice and Security) will be sent to the House of Representatives today, which will provide that the NCSC can provide this information to these other organizations in more cases.
Yesilgöz-Zegerius:
“Today we are taking the next and important step to make the Netherlands digitally safer. That is sorely needed. Many organizations are now missing crucial information to be able to protect themselves properly and in a timely manner against digital attacks. We are living our lives online more and more and criminals are aware of that. In addition, the current situation in the world makes this bill more topical than ever: our digital resilience must be increased. Sharing information by the NCSC plays a crucial role in this.”
Wbni . adjustment
The bill contains an amendment to the Network and Information Systems Security Act (Wbni). The Wbni regulates (among other things) the statutory tasks of the NCSC in the field of cybersecurity. The primary task of the NCSC is to inform and advise vital providers and organizations within the national government about digital threats and incidents, and to conduct analyzes and technical investigations for this purpose. As a result, the NCSC also regularly has information about digital threats or incidents that is relevant to other providers. This concerns, for example, distributors of food products, political parties or container transhipment companies. However, that information cannot always be provided to those other providers or their linking organizations at the moment, because the law does not yet provide the basis for this.
That is why Minister Yeşilgöz-Zegerius proposes to adjust the Wbni so that this information can be shared. This provides the NCSC with the basis for sharing threat and incident information in a broader sense with so-called OKTTs (organizations whose objective is to inform organizations or the public about threats and incidents), which act as linking organizations for other providers. These linking organizations can then provide organizations in their rank and file with that information and advice. In addition, the bill provides a basis for the NCSC to share threat or incident information with other providers itself in special cases. This is a special case if there is no linking organization (such as an OKTT) that can provide the provider with the information and the information relates to a threat or incident with significant consequences for the continuity of the provider’s services.