For Caribbean and international professionals working on government digitalisation

Logo Rijksoverheid, to the homepage
Two guards standing in front of a safe to protect the online data kept inside.

2.5 Improve Cybersecurity

Social Challenges

Cybersecurity is an essential prerequisite for successful digitalisation. The absence of basic measures means that the government is lagging in terms of digital resilience, making it a promising target for malicious actors (state and criminal). It is the government’s social responsibility to safely capitalise on the economic and social opportunities provided by digitalisation and protect our security and public values at the same time. As part of this wide-ranging social responsibility, the government must set a good example and handle citizens’ data securely.

Results achieved by 2023

  • Work is already underway with local and regional authorities to prepare legislation and regulations, appropriate monitoring, and reduce the cybersecurity audit burden imposed on local and regional authorities by the government.
  • The new European Network and Information Security Directive (NIS2) imposes a statutory obligation for information security, reporting of high-impact incidents and a supervisory regime for essential and important providers. Government-wide sets of standards stimulate the secure procurement of ICT products and services. (The Ministry of Justice and Security (JenV) is responsible for the EU process and the implementation thereof in Dutch legislation. The Ministry of Interior and Kingdom Relations (BZK) is responsible for the government sector.)
  • Strengthening digital resilience is one of the road maps to be implemented in the Government I-Strategy 2022–2025 (in Dutch). The International Cyber Strategy (ICS) 2023–2028 has been presented to the House of Representatives.
  • Publication of the proposed Cyber Resilience Act, containing security requirements for the entire life cycle and ICT supply chain.

Goals & indicators

Goals and indicators
Goals Indicators
1. The Netherlands can safely capitalise on the opportunities presented by digitalisation while protecting our security and public values.
  • The new European Network and Information Security Directive (NIS2) transposed into Dutch legislation (implementation)
2. Authorities and government agencies meet the prescribed security requirements applicable to them.
  • A central regulator is designated for the Government sector.
3. Authorities and government agencies only use and purchase secure ICT products and services from the market.
  • 100% of government organisations have implemented standards sets such as the Government Information Security Baseline (BIO). This is encouraged through enforcement with the establishment of independent oversight (NIS2 coming into force).
  • 100% of tendering procedures and procurement of ICT products and services meet the government’s cybersecurity procurement requirements. This will also be encouraged as NIS2 partly relates to the Government sector.
4. Governments use a uniform domain name extension. Citizens have a point of contact for questions about the authenticity of a government site/email/app.
  • 100% of government organisations have completed the Government Internet Domain Registry with their own websites.
  • The Registry was filled with the Government domain names in 2023. Local and regional authorities’ domain names will be added in 2024.
5. Governments are practised in fending off cyber incidents and receive support.
  • Increase in public sector organisations that regularly carry out drills using simulated hack attacks.
  • Key figures Government-wide Cyber exercise: 310 in 2023 and 395 in 2024 (live participants), 100 in 2023 and 113 in 2024 (organisations that participated simultaneously), 2,800 in 2023 and 4,100 in 2024 (unique participants in the Government-wide Cyber Programme platform).

What are our forthcoming actions?

To find out the goals we are setting for the upcoming year to strengthen cybersecurity, see priority 2.5 actions.

 

Got a query, thought, comment, or suggestion?

If you're working on digitalising the government and got something on your mind, please share your thoughts with us.