For Caribbean and international professionals working on government digitalisation

Logo Rijksoverheid, to the homepage
Two guards standing in front of a safe to protect the online data kept inside.

Priority 2.5 Actions

In the following table, you will find a description of priority 2.5 “Improve Cybersecurity” with the desired results for 2024 and the organisations responsible for implementation:

Results and implementors
Description Result for 2024 Implementor – By whom, with whom
1. Introduce a government-wide statutory duty of care for information security, a duty to report and a regulatory regime.
  • Update the implementation of the BIO support programme.
  • The accountability system contained in the Uniform Single Information Audit Standard (ENSIA)10 is further developed. Steps have been taken on the horizontal and vertical organisation of regulation based on the BIO.
  • There is a revised BIO (BIO prelude was delivered in 2023) that is legally embedded in NIS2.
  • Pilots provide insight into the added value of an IT report and IT audit statement within the government.
  • Indicators that measure ambition regarding actual security are monitored and displayed on the open- source website basisbeveiliging.nl. Government organisations can mirror and draw from this.
 BZK, JenV, various ministries, local and regional authorities, CIP
2. Coordination of Government-wide strategy for international cyber policy.
  • Activities are in line with international Cyber Strategy, looking at international security, human rights and rule of law online.
 BZ, EZK, JenV, BZK, DEF, local and regional authorities, and government services (AIVD, MIVD, NCSC, NCTV, OM and the National Police)
3. The government only purchases secure ICT products and services.
  • The government cybersecurity procurement requirements tool has been further developed, broadened and implemented.
 BZK, EZK, local and regional authorities, CIP
4. Offer own domain11 to make trustworthy websites easier for citizens to recognise.
  • Offer government-wide extension for governments, starting with the central government.
  • Create a government domain extensions transition plan with all government entities. Implement in phases, starting with the central government.
  • The first use of the extension.
 BZK, AZ
5. Establish a contact point.
  • A point of contact was established where citizens and businesses can ask questions about the security of government websites.
 BZK, AZ/DPC, Netherlands Publication Office (KOOP)
6. Facilitating annual government-wide exercises (from Government I-strategy).
  • Annual government-wide cyber drill using simulated hack attacks.
  • Delivery of red-teaming toolkit.
  • Start implementation of red-team testing by ministries.
  • Interdepartmental knowledge sharing regarding red-team testing is organised.
 BZK, JenV
7. Provide a help function for information security and privacy for authorities and government agencies.
  • Further steps to extend and update the expansion and continued development of the Information Security & Privacy service. The first authorities or government agencies receive customised recommendations from professionals within the government about digital security and privacy.
 BZK, CIP
8. Increase detection and response capabilities of central government organisations.
  • All relevant central government organisations are connected to the National Detection Network.
  • First Security Operations Center (SOC) products relating to monitoring & detection, vulnerability management and collaboration & information sharing are available.
 BZK, JenV
9. Improve proactive information security measures focused on the central government’s Protectable Interests.
  • A national policy for mandatory basic digital resilience training is established.
  • The annual ADR demand-driven information security survey is conducted.
  • Tools ready for protection against ransomware.
  • The first step in the quantum awareness programme for primary audiences is implemented.
  • Quantum-safe crypto policy established.
  • Establish a process that provides crypto resources for long-term protection of state secrets at the State Department.
  • Digital resilience risk management policy and implementation framework is established.
 BZK
10. Ensure that mobile devices issued to civil servants employed by the central government are set up so that only authorised apps, software and/or functionalities can be installed and used.
  • Allowlisting: apps authorised for use by government officials are determined.
  • Procedure established for introduction of managed devices.
  • App policy framework drafted and implementation started.
  • The “Central Government Digital Working Environment” code of conduct is updated.
 BZK In coordination and cooperation with ministries and “facilitating organisations”

To go straight to the next priority, see 2.6 Implementation of National and EU Regulations, Compliance and Monitoring.

To go back to the Track 2 overview page, see 2. Everyone Must Be Able to Trust in the Digital World.

Got a query, thought, comment, or suggestion?

If you're working on digitalising the government and got something on your mind, please share your thoughts with us.