Many Dutch organizations cannot even fend off the most basic digital attacks, because they do not have their security in order. The resulting large number of hacking attacks also means that the police are overburdened. This warning is issued by the Cyber Security Council, an advisory body to the cabinet.
For years, the security services, such as the AIVD and the NCTV, have pointed out the danger of cyber attacks and the vulnerability of the Netherlands. The council agrees and says that the government should devote much more attention and money to this.
Security is also not in order at vital companies, such as payment traffic, the electricity grid and the water supply. For this reason, drinking water organization Waternet was placed under stricter supervision on Friday.
There is by no means always effective supervision of whether organizations have their security in order. According to the council, this is necessary and there should also be a fund for extra security measures.
Many companies and organizations mistakenly believe that they will not be victims, the Cyber Security Council has concluded. What they forget is that there is a great risk of falling victim to criminals who do not necessarily target them, but simply look for a random victim.
The consequence of poor security is that the police are inundated with cyber cases and cannot handle this flow. Moreover, one case can quickly have many victims, sometimes even tens of thousands. And although the number of investigators involved in internet crime has expanded considerably in recent years, the knowledge and capacity in this area is still limited at the police and the Public Prosecution Service.
It is also unclear exactly how many victims there are; According to the council, reporting a crime should become easier. Moreover, companies and institutions do not have the right information to defend themselves against threats.
In practice, the many agencies that deal with digital security work alongside each other. The council calls for a single body to deal with consultations about ‘digital matters’. Legal obstacles also need to be resolved to make it easier to share information about threats.
Companies and citizens cannot always rely on the safety of the products they buy, such as a thermostat that is connected to the internet or the software with which a company does the accounting. “By introducing a legal duty of care, suppliers become liable for the consequences of unsafe digital products and services,” the advice states.
Substantial investments should also be made in education and knowledge. Promising ICT talent is now moving abroad, causing a shortage of specialists here.
The Cyber Security Council, with members from the government, industry and academia, believes that more than 800 million euros will be needed in the coming years for the most important interventions, such as protecting the vital infrastructure and tackling internet crime by the investigative services.