In the Netherlands, a new report titled “Cybersecurity Assessment 2024” has been published by the National Coordinator to combat terrorism and security (NCTV). The report highlights the increasing threats to digital security and the rise in cyber attacks targeting the Netherlands by various states. These threats not only involve targeted attacks but also large-scale malfunctions that could potentially disrupt critical infrastructures like wind generators and transport systems.
The NCTV report points out that unfriendly states are using hacker groups to carry out attacks while also enhancing their capabilities in digital espionage and sabotage. Cyber attacks are often part of broader strategies that involve misinformation and other tactics. The report also mentions the overlapping roles of individuals who work in scientific institutions while also collaborating with intelligence services.
A significant focus of the report is on large-scale malfunctions, with an example being the Crowdstrike incident in July 2024. A technical failure during this incident resulted in over 8.5 million computers worldwide failing to boot up. This case highlighted the vulnerabilities of global networks, showing that such malfunctions could have severe consequences on public transport, air travel, and medical services.
The report also addresses the ongoing challenges of a lack of cybersecurity specialists and resources, as well as the active trade in personal data on an international scale. It emphasizes the importance of a comprehensive risk management approach that goes beyond traditional protective measures.
In 2022, the Dutch government introduced the National Cybersecurity Strategy (NLCS) aimed at establishing a secure digital infrastructure. Alongside the release of the CSAN 2024 report, a progress report on the implementation of this strategy was presented to parliament, outlining a collaborative plan between the government and businesses.
The NLCS framework involves the integration of three key entities: the National Cybersecurity Center (NCSC), the Digital Trust Center (DTC), and the Computer Security Incident Response Team – Digital Service Provider (CSIRT-DSP). This consolidation is expected to improve the efficiency of communicating digital threats and preventive measures to all organizations.
Furthermore, the Dutch government is preparing to incorporate the updated European directive on network and information security (NIS2) into national legislation. Regular exercises such as ISIDOOR IV are also being conducted to refine crisis response strategies.