Offensive cyber ops continue to increase, MIVD calls for adequate mandate, legal revisions

Daphne Frik

23 April 2024

The Netherlands remains an important target for Russian and other offensive cyberoperations, the Dutch Military Intelligence and Security Service (MIVD) stated in its yearly report this week. In order to protect the democratic constitutional state and effectively carry out investigations against offensive cyber programs, the MIVD calls for a broad revision of the legal framework on which it operates.

Due to its important military hub, as well as its proximity to the data nodes in the North Sea, the Netherlands is increasingly being targeted by Russian hackers. Throughout 2023, the MIVD has seen several Russian cyberoperations aimed at gaining access to vital infrastructure – with the aim to sabotage it at a later time. At the same time, the MIVD also found Russian espionage to have increased since the Russian invasion of Ukraine, which is partly due to the fact that the Netherlands is a part of the supply route of military assets to Ukraine.

Other targets for Russian hackers are international organizations located in the Netherlands that investigate possible Russian war crimes, such as the International Criminal Court and the Organization for the Prohibition of Chemical Weapons, the report reads.

Over the last year, the MIVD has shared intelligence with Ukraine about several Russian cyberoperations, the report stated. The MIVD has also shared intelligence and insights about Russian cyber operations with other partners and others, such as government services and the private sector, and has disrupted Russian cyber operations itself.


The threats do not merely come from Russia – China also stepped up its cyber operations last year. Due to the unique and high-quality knowledge position, the Dutch semiconductor, aerospace and maritime industries, and universities are increasingly becoming espionage targets for China, the report states. Defense equipment projects, operational units and (former) defense personnel are of special interest, as China aims to use knowledge of modern military resources and deployment to further build up its own armed forces.

The Dutch intelligence services’ focus on China does not come as a surprise. Last year, the Dutch General Intelligence and Security Service (AIVD) highlighted in its yearly report that China’s strategy focuses on “legitimate investments, company takeovers and academic cooperation, as well as illegal (digital) espionage, insiders, clandestine investments and illegal exports. Dutch companies, knowledge institutions and scientists are regular victims of this.”

China lashed out following the report, accusing the Dutch authorities of a Cold War mentality, stating that the Netherlands must stop hyping the false narrative that China is a threat.

Wiv 2017 and temporary deviation

“Where necessary, the MIVD will take action, within the possibilities offered by the Dutch law,” MIVD Director Peter Reesink notes. However, “the MIVD needs an adequate mandate, consistent with the democratic constitutional state that it protects,” he points out, referring to the Wiv 2017 (Wet op de inlichtingen- en veiligheidsdiensten 2017).

In 2022, a law was proposed that temporarily deviates from the Wiv 2017 concerning investigations into countries with an offensive cyber program. Offensive cyber programs are aimed at secretly gaining digital access to confidential information, economic and technological knowledge or other information from citizens or organizations from which these countries can benefit. The aim of the proposal is to provide more operational speed and agility to the AIVD and the MIVD, as the current regime in the Wiv 2017 is deemed too restrictive to effectively carry out such investigations.

In October 2023, the law passed the Second Chamber and on March 12 of this year, the First Chamber agreed to accept the proposal.

In the MIVD report, Reesink points out that the temporary law “should enable the MIVD to act more quickly to counter threats from countries with an offensive cyber program. The temporary law must also give the services the space to use their authority to intercept relevant messaging and malware on cable-bound networks, which is essential for national security and cybersecurity. The amendment regulates the handling of bulk datasets obtained with special powers in a better way.”

However, “the broad revision of the Wiv 2017 for the coming cabinet period is still urgent and necessary,” Reesink notes.