As of September 2024, Matthijs van Amelsfort has served as Director of the National Cyber Security Centre (NCSC). After a career in cybercrime detection with the police, his focus has now shifted to prevention and crisis management. His leadership style is characterised by allowing freedom for professionals. “Keep your eye on the ball and especially on the team,” he says.
Van Amelsfort witnessed the development of cybersecurity from the very beginning. He handled his first hacking case back in 2001 when he was a digital forensic investigator with the police. “A vastly different time, as hackers’ awareness was not yet high. For instance, they hardly shielded their own identity.” The cyber world has changed significantly since then. “Digitalisation has skyrocketed, and hackers are becoming more resourceful; with that, cyber threats are increasing. I have witnessed that increase closely while working for the police.”
Blue heart
After a while, Van Amelsfort opted for managerial positions in the field of cyber because he felt that cyber knowledge was equally important. “As an expert in the field, I often thought: how is anyone I have to explain what an IP address is, going to defend my interests?” His background helps him better understand what cyber experts need to be able to do their jobs successfully. “I suppose that recognition is nice,” he says. Upon his departure from the police, he was awarded a ‘Blue Heart’ (article in Dutch) by his colleagues as a token of appreciation for his affable leadership style and the space he allows for development.
Fixing the tap
Cybercrime differs from other crimes in several ways. Van Amels explains, “It doesn’t simply stop by making arrests; you have to work on building resilience against it. In this context, I often use a saying by ‘Loesje’: ‘Mopping the floor works better when someone is fixing the tap.’ It is great to be able to work on strengthening resilience at the NCSC with the knowledge and experience I bring from my time working with the police. It gives me lots of energy.”
That energy is needed as the NCSC is on the verge of some significant changes. The EU guidelines for the implementation of NIS2 -known as the NIS2 Directive– is on its way, which will greatly increase the number of organisations the NCSC caters to. Therefore, the NCSC will become the one-stop shop for cybersecurity within the government. For this purpose, it will be merging with the Digital Trust Centre (DTC), among others. With the DTC Act (Dutch), the new NCSC will also inform and advise the non-vital business community about digital vulnerabilities, cyber threats and incidents.
Acting fast is critical
To serve this rapidly growing target group in a timely and effective manner, Van Amelsfort is committed to further developing data-driven work at the NCSC. “Acting fast is critical in the cyber world. The enormous task we face requires more data-driven operations so that we can act. On top of that, the NCSC is receiving more and more intelligence as a result of, for instance, the obligation to report as stipulated in the Cybersecurity Act (currently only available in Dutch). As a result, our information position is further increasing.”
Cyber resilience is something of a puzzle, he says. “Everyone has their piece of information about digital incidents and threats; you have to put that together for the overall picture. Data-driven collaboration ties all that information together. Only then will we be able to understand what is going on and determine how we can best protect the Netherlands in a joint effort. The NCSC cannot do this by itself, but the same goes for the police and intelligence services and even the government as a whole. This is why cross-sector partnerships are very important.”
Understand, connect, prevent
Van Amelsfort explains the NCSC’s role in a crisis using an example: “Imagine a hospital being the victim of a cyber-attack. Our role in that case is to work with Z-CERT (Digital security for Dutch healthcare institutions, ed.) to understand what is going on in terms of cyber as soon as possible: what vulnerability caused the incident? Who and what should we be connecting to ensure that the hospital’s systems will be up and running again as soon as possible? What can we do to prevent other organisations from falling victim? What is the course of action? Who should we be briefing? Who should be notified? Perhaps this vulnerability also plays out in the energy sector, which means that information should also start to flow between sectors.” That NCSC job should be broken down into three pillars at all times, he argues: “Understanding, connecting, preventing. For the NCSC, it is important in this respect that we can share intelligence across sectors. To this end, cross-sector partnerships within the Cyber Resilience Network Netherlands (Dutch) are vital.
Sleeping comfortably
The Cybersecurity Assessment Netherlands 2024 shows a vast and diverse range of threats. As a result, awareness of cyber risks is increasing, Van Amelsfort observes. “The geopolitical tension and the threats that come with it are forcing us to be more realistic. It is up to administrators to take the next step and apply that awareness to the organisation. What are your crown jewels; what have you got to protect? And how is that covered? As a manager, what will make you sleep comfortably, knowing it’s ok?”
That administrative responsibility for cyber security policy is, therefore, stipulated in the Cyber Security Act. Van Amelsfort sees the NCSC’s role in this as more remote. “The NCSC offers a lot of pointers and recommendations and is happy to contribute ideas, but the responsibility lies with the organisation itself.”
Giving professionals space to act
How can administrators be put in the cybersecurity saddle properly? This should be orchestrated, according to Van Amelsfoort. “Look at what you need for your operations. For instance, solid, unbiased information is key, as you need to understand what is going on to make the right decisions. Therefore, ensure you have the right people beside you to help interpret that information.”
This is especially true in a cyber crisis, something that can happen to any organisation. Van Amelsfort recommends that crisis team leaders maintain focus on the human aspect as well: “Keep your eye on the ball, but also on the team.” He explains, ‘’During a crisis, you often find that leadership style becomes more directive, as decisions have to be taken fast. But you have to maintain a balance on that to ensure you stay well-informed about the impact of your decisions. This requires you to allow professionals enough space for their judgments. In doing so, the question is: Are you taking a sprint or running a marathon? This calls for a difference in the set-up and how you deploy your people.”
Aftercare is crucial
Once the crisis is settled, the aftercare phase is crucial for key learnings. ‘’At NCSC, we too draw lessons from every incident. It is important to review what happened in retrospect. And what does that mean for our organisation? How can we do our work even better? Aftercare is relevant to employees as well, as the impact of a cyberattack at targeted organisations can affect them too.”
Save the date: government-wide cyber exercise
The impact of a cyber incident is often huge. The trick is to make the right decisions under pressure. Practice, practice, practice is the motto. That is why the Ministry of the Interior and Kingdom Relations is organising the 6th Government-Wide Cyber Exercise on 3 November 2025. Make sure to save this date in your calendar!
Just as in previous years, you will be able to practise simultaneously this year. Mobilise your team and block the agenda to watch the central exercise together.
Tip: follow Resilient Digital Government on LinkedIn (Dutch) to stay up to date.
Teaming up with the Caribbean Netherlands
The Government-Wide Cyber Programme also wants to involve the Caribbean part of the Kingdom. Van Amelsfort worked for the police in Curaçao for a while. “It is good to join forces in the Cyber Resilience Network and make sure we exchange as much information with each other as possible because cyber resilience does not stop at national or local borders.” Still, there are some significant differences. ‘’When we give our recommendations, we need to primarily look at the things that work for their local context,‘’ he says.
This is how all collaborations entered with the NCSC are approached. ‘Every request for partnership starts with the question: what exactly is needed? And what are the legal possibilities in such a collaboration? Ultimately, you also want to make sure, in a data-driven way, that the information can be shared as quickly and adequately as possible. So that they too can act in a timely and appropriate manner and resilience goes up.” That takes time. Meanwhile, much can be done. “All our recommendations are available to colleagues in the Caribbean part of the Kingdom on NCSC.nl as well.”
Series of cyber interviews
This cyber interview is brought to you by the Government-wide cyber programme organised on behalf of the Ministry of the Interior and Kingdom Relations. In this series also appeared:
- Interview Art de Blauw (BZK: ‘“Raising Digital Resilience to a Higher Level Together”
- Interview with Simon Sibma (SVB): “Digital Resilience of our Organisation is a Top Priority”
- Interview with Chantal Bennink (BZK) and Bill Kuipers (ICTU): Preparing for Digital Threat With Cyber Excercise
