Government decides on one organization for cybersecurity

the editorial team

27 June 2023

The Cabinet has decided to merge the existing cybersecurity organizations of the central government. The National Cyber Security Center (NCSC) of the Ministry of JenV, the Digital Trust Center (DTC), and the Computer Security Incident Response Team for Digital Service Providers (CSIRT-DSP), both of the Ministry of EZK, will merge into a new organization.

The Minister of JenV will be the owner of the revamped organization. The Ministries of JenV and EZK will jointly fulfill the role of client.

“The renewed organization will be founded on the strengths of the current organizations,” said Minister Yeşilgöz-Zegerius (Justice and Security). “This will enable the new organization to provide all organizations in the Netherlands, large or small, public or private, vital or non-vital, with appropriate information and knowledge and to offer assistance in the event of incidents. I am therefore pleased that the organizations are already working together as much as possible so that even now, we can better defend ourselves against cyber attacks.”

“The importance of digital resilience for our society and economy continues to grow,” said Minister Micky Adriaansens (Economic Affairs and Climate). “We are increasing the legal cyber requirements on devices and services themselves. But we also invest in knowledge sharing and expertise in large-scale incidents. That works best with a single government desk where organizations and businesses can get support.”

The transition is taking place in two phases so that upcoming legislation and ongoing trajectories from the Netherlands Cybersecurity Strategy (NLCS) can be taken into account as much as possible.

In the first phase, until Oct. 1, 2024, the organizations will work together as much as possible. This is already happening, for example, by jointly organizing the warning of victims and targets of a cyberattack and by jointly providing all organizations in the Netherlands with courses of action to better defend themselves against attackers.

In the second phase, until January 1, 2026, tasks and processes will be integrated and optimized. This phase will also see the implementation of the Security and Information Systems Act (Wbni), including the European Network and Information Security (NIS2) directive, sectoral legislation within which CSIRT tasks are performed, and the Promoting Digital Resilience for Business Act (Wbdwb).

After the first phase, the current organizations will no longer pursue an independent course and will exist in their current form only in a formal sense.

Picture: Daan Mooij via Unsplash