At long last, the Dutch Ministry of Defense has published a crucial piece of Cyber Doctrine by publishing its Cyber Strategy [PDF Alert – Dutch]. It was given quite a nice introduction by the Dutch Minister of Defense Hans Hillen, who introduced it during the MoD’s Cyber Symposium in Breda on the 27th of june. During this introduction it was also asserted that over 90% of all attacks to Dutch military systems and networks was of Chinese origin, which made me wonder why we haven’t heard any political outcry yet, but I digress as this is not the topic I had in mind of treating today. Let’s get to the document in question: It’s a total of 18 pages long and the introduction of the Dutch Cyber Defense Strategy is, as is often the case in such documents, very telling. The language used should be looked at as defining terms by which the rest of the document can be interpreted.
In the introduction the Dutch MoD acknowledges that they use the digital domain for (satellite-)communications, information-, sensor-, navigation-, logistical- and weapons systems, that are dependent on secure internal and external networks of digital technology and that this makes them vulnerable to cyber attacks.
They also acknowledge that other countries are developing offensive cyber capabilities and that non-state actors are also capable of forming a threat to Defense forces by attacking digital systems and networks. What’s interesting is that this strategy also acknowledges the blur of the lines between the combatant and the non-combatant, and also the blurring of the borders of any operational areas. Both are key components of the “Fourth Generation Warfare” principle and it seems that the Dutch MoD has at least partially accepted this principle. What makes this so interesting is that they are declaring that non-combatants may also be actively targeted. In essence, they are putting the world on notice that walking around without a uniform is no longer an automatic safe haven, and that if you’re involved with any kind of cyber attack, part of a militia or a terrorist, you have a bull’s-eye on your head. No matter where you are. Plain and simple.
The last paragraph of the introduction specifically mentions that the Military Industrial complex is already a major and consistent target of cyber attacks because they develop and produce high-grade military technology. The strategic and economic value of their digital assets is high and as such these need to be very well guarded, also in the Cyber aspect. This ties in nicely with my earlier articlebased on the MIVD’s yearly report.
For those interested in what official Dutch political documents and official questions this document ties into, here’s the official answer:
The Defense Cyber Strategy was created in answer to:
- The publication ‘Defensie na de kredietcrisis’ of April 8th, 2011 (“Kamerstuk 32 733, nr. 1”);
- The piece to be covered by the MoD in the National Cyber Security Strategy as I covered earlier (“Kamerstuk 26643, nr. 174”);
- The advice given on Digital Warfare by the Advisory Council on International Questions (AIV);
- The Advice Commission’s (CAVV) answer to the questions posed in “Kamerstuk 33 000-X, nr. 79”;
Right, so we have that covered. Now let’s get to the meat of the document. From the onset it looks pretty promising. The strategy has six driving points and they are very broad (but relevant):
- Creating an integral and integrated approach;
- Increasing digital resillience of the entire MoD (Cyber Defense);
- Developing the capability to carry out cyber operations (Cyber Offense);
- Reinforcing intelligence gathering in the digital domain (Cyber Intelligence);
- Increasing knowledge and innovative power of the MoD in the digital domain, including recruiting and keeping qualified personnel (“adaptive and innovative”);
- Intensifying collaboration nationally and internationally.