Guarantee that essential information is available under all circumstances: Timely, accurate, complete, and accessible only to authorised individuals. Should any issue arise, it is quickly identified and immediately rectified.
Current situation
As of 2021, the situation is critical. Advisories to the government on information security are alarming and demand urgent attention. The government is lagging in digital resilience with privacy also remaining a concern. Incidents often have severe consequences, both financially and in terms of public trust in the government. Information security is of strategic importance and requires ongoing vigilance.
Risks
- Influence from state actors threatens our digital autonomy.
- Distribution across service providers is inadequate, partly due to a limited Dutch offering.
- Vulnerabilities in a single product can impact large segments of the government and private sector (digital monoculture).
- Remote work and cloud computing impose additional information security requirements.
- Existing frameworks for information security and decision-making are not always compatible with agile development processes.
Collaboration between the CIO of the Central Government and the NCSC
I focus areas
I focus area 1: Governance
Managing risks, leveraging departmental expertise, and determining what is best organised centrally. Transparency and openness towards Parliament.
- Strengthening the CIO and CISO systems and resources.
- Enabling the secretaries-general to effectively manage digital resilience.
- Mandatory reporting under the Security of Network and Information Systems Act (Dutch abbreviation: Wbni) for government organisations.
- Crisis management is operational and practiced.
- Joint standard facilities and knowledge sharing.
I focus area 2: Enhancing actual security
Continuously improving and adapting to new technical capabilities and threats.
- Updating the government-wide cloud strategy and frameworks.
- Developing workplace provisions at the level of state secrets.
- Preventative measures and provisions in the administrative environment.
- Current and robust architecture as a foundation for lifecycle management.
- Collaboration on knowledge and innovation with the industry and academia.
I focus area 3: Resilient employees
People as an indispensable link in defence. Leadership and exemplary behaviour by management. User-friendly and secure tools for employees.
- Government-wide approach to fostering a culture of digital resilience.
- Training offerings and user-friendly tools.