News item | 02-12-2022 | 13:27
Today, Ministers Hanke Bruins Slot (BZK) and Kajsa Ollongren (Defense) sent the proposal for the temporary cyber operations act to the House of Representatives. With this temporary law, the AIVD and MIVD can use their powers faster and more effectively against the increased cyber threat from countries that commit cyber attacks against the Netherlands.
The Netherlands and its allies are increasingly faced with digital attacks from countries with an offensive cyber strategy, such as Russia and China. This concerns, for example, attempts to steal sensitive information or sabotage vital infrastructure. Disruption or failure of this can lead to serious social disruption and economic damage.
The cyber threat is increasing and these actors can act faster and more advanced and are increasingly able to hide. The aim is to give the services a better view of this increasing cyber threat by ensuring that existing powers can be used more quickly and effectively against this threat. For example, dynamic monitoring makes it possible to monitor an ongoing investigation where an attacker moves to a new server or device without having to stop the operation to resubmit a consent request. Because attackers switch servers or devices constantly in the cyber domain, which means that it is very difficult to track attackers properly under current regulations.
The bill ensures a better connection of testing and supervision to the current dynamics of cyber attacks in practice. For a number of powers, the time of review shifts from prior to the operation by the Review Committee on Deployment Powers (TIB), to during and afterwards by the Supervisory Committee of the Intelligence and Security Services (CTIVD). The CTIVD is hereby given the authority to immediately stop an operation and to decide that the data acquired in this way will be destroyed. This keeps supervision up to standard. In this way, there is a better connection with the dynamic nature of this ever-increasing (unprecedented) cyber threat.
Note of change
A memorandum of amendment to the temporary law will also soon be consulted, in which, at the request of the TIB and CTIVD, an appropriate legal framework is provided, among other things, for the processing of bulk datasets based on special powers. In addition, in response to case law of the Court of Justice (EU), this memorandum of amendment introduces a binding test beforehand (via the TIB) if the services want to keep track of traffic and location data of a person during a threat. The memorandum of amendment will shortly go into consultation and will subsequently be submitted to the Council of State for advice. After this, it will be shared with the House. This is expected to take place in the first quarter of 2023.
Revision Wiv 2017
Following the findings of the WIV Evaluation Committee (2021), an extensive review of the Intelligence and Security Services Act will take place. A letter of outline on this is expected to be shared with the Houses within a few weeks. In view of the urgency of the subjects included in the memorandum of amendment, the government has opted to settle these matters earlier with the temporary law.