The Netherlands’ National Cyber Security Centre (NCSC), Digital Trust Centre (DTC) and Cyber Security Incident Response Team for Digital Service Providers (CSIRT-DSP) are to merge into a single central expertise centre and information hub.
Combining knowledge and information on cyber security, legal tasks and services in the event of major incidents increases the country’s digital resilience.
The new operation will provide all organisations in the Netherlands – big or small, public or private, vital or non-vital – with appropriate information and knowledge. Previously, the NCSC was, by law, only permitted to share threat information with the central government and vital sectors. Only in April did the Council of Ministers agree to a bill that would enable the Dutch government to share information about threats, vulnerabilities and incidents with non-vital organisations.
The NCSC, DTC and CSIRT-DSP have the same goals but focus on different audiences. The NCSC’s primary target groups are vital organisations such as banks, energy and telecoms providers, and the central government itself. The DTC focuses on business and the CSIRT-DSP on digital service providers.
In 2024, the central government’s cyber security incident response teams will merge. Then, in 2026, the information hubs will follow.
The Netherlands aims to use its cyber security capacity more efficiently and effectively within a new organisation that functions as a national expertise centre, information hub and national cyber security incident response team. It will also enable efficiency gains through joint operations, accommodation and ICT, as the Nethertlands’ current cyber security landscape is rather fragmented.
Dilan Yeşilgöz-Zegerius, minister of justice and security, said: “We increasingly live our lives online and criminals have noticed that too. In addition, the current situation in the world, with a war on the eastern flank of Europe, makes this more topical than ever. Our digital resilience to repel cyber attacks must increase.
“It is therefore important that we avoid fragmentation between organisations. That is why there will soon be one organisation, under the name of the NCSC, which will work on this. This way, we can combine forces in the area of knowledge, sharing of information and expertise if things do go wrong.”
Micky Adriaansens, minister of economic affairs and climate change, added: “We all notice how important digital resilience is – for example, to prevent leaving shops empty or causing industrial production to fail in the event of a cyber attack.
“There are digital devices and systems everywhere. This offers opportunities for our companies and convenience for consumers, but it means it is crucial to be digitally resilient. The national government also has a part to play in this, for example by sharing knowledge, modern legislation and expertise in the event of large-scale incidents. That is why it is good that we are creating clarity with a single organisation and so contributing to our digital strength.”
Read more about cyber security in the Netherlands
- Dutch businesses that suffer ransomware attacks need to be more open about it, if this growing problem is to be brought under control.
- Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection.
- The Dutch Public Prosecution Service claims Britain has damaged confidence by disclosing details of an international investigation into the EncroChat encrypted phone network to the courts.