Dutch Government to design Cyber Defence doctrine

In the past I’ve always said that the Dutch government needs to do more in the area of Cyber Warfare / Cyber Security because there didn’t seem to be too much going on. Our Defence department didn’t post anything about starting up a Cyber Command, nor was there any government activity to be seen. However, though it wasn’t easy to find, there does finally appear to be some movement on the horizon.

During a meeting about the 2010 Defence budget, members Knops (CDA), Voordewind (CU) and Eijsink (PVDA) established that there was no mention of Cyber Warfare in the budget. They note that Cyber Warfare is an issue of great concern, and submitted motion 32 123x nr. 66 (in Dutch) to start interdepartemental development of a Cyber Security Strategy and urges The Netherlands to start actively participating in NATO initiatives on the subject.

In a letter by the Minister of Defence (again in Dutch), Eimert van Middelkoop acknowledges that rapid developments in technology have also led to certain threats such as cyber crime and cyber warfare. He describes what is understood by the term Cyber Warfare and how it relates to his department, along with how various other ministries also have responsibilities regarding cyber security issues.

A brief overview:

  • Interdepartmental coordination of Cyber Security in general is handled by the Ministry of the Interior through the National Security Program;
  • Cyber Crime is handled by the Ministry of Justice;
  • Cyber Terrorism falls under the National Coordinator of Counter-Terrorism (NCTb);
  • Cyber Defence is a shared responsibility between the Ministry of Defence and the Ministry of the Interior;
  • National Critical Infrastructure is handled by the Ministry of Economics

Minister van Middelkoop asserts that commercial parties also have a role to fulfill in the development and implementation of a cyber security strategy, to which I can only wholeheartedly agree. The next paragraph of this most clarifying letter confirms the existance of the Defence departments’ own CERT (DEFCERT), and its responsibilities towards defending its networks. In a separate letter he mentions that DEFCERT is growing and is expected to be fully operational in 2012.

Probably the most important information that can be obtained from this letter is in the final paragraph. It contains The Netherlands’ intentions in this area, which resemble those of Great Britain:

  • Creation of a Cyber Defence doctrine and implementation of a strategy;
  • Development of a Cyber Incident Responce strategy;
  • Investigation of Cyber Intelligence Gathering and the legal ramifications thereof;
  • Establishment of bilateral communications and best practiceswith NATO and the CCDCOE in Tallinn, Estonia

Compared to what has been released by the Dutch government on this topic, its a lot of information that suddenly became available. As a concerned Dutch citizen, I am very happy to see that this threat is finally addressed. With the dependency on technology growing every day, cyber security will continue to grow in importance along with it. If we do not work towards creating a safer cyberspace now, the consequences could be dire.