Netherlands: Defense Cyber ​​Strategy 2018

(To Alessandro Rugolo)
04/01/19

In the introduction of the new Cyber ​​Strategy Strategy of the Defense of the Netherlands we read: "The Cyber ​​Security Assessment Netherlands 2018 [..] makes clear that the greatest cyber threat to our national security is state-based".
On the basis of the recent assessment, it was therefore necessary to rewrite the Cyber ​​Defense strategy of the 2012 in order to take into account the new conditions, a strategy issued through the strategic document published last November.

Let's see quickly what it is.
The document is lean and easily readable, clear for the decision-making level, absolutely non-technical.
It is divided into an introduction and three chapters:
- the contribution of the Defense to the Cyber ​​Security of the Netherlands and NATO;
- cyber victory in operations;
- preconditions: personal, development of knowledge and innovation, cryptography.

In the introduction, the objectives identified through the new cyber strategy are listed right away:
- be able to maintain control of their IT systems and weapon systems and to safeguard their cyber resilience;
- further improve intelligence capabilities in the cyber domain;
- acquire greater deterrence capabilities to cyber attacks;
- safeguard the security of the Netherlands and of the vital infrastructures and processes in the event of a conflict in which cyber tools are employed;
employ cyber assets to gain and maintain superiority in military operations.

Finally, very clearly, the Netherlands declare that the ambitious but necessary objective is to become a "Cyber ​​striking power".

In the first chapter (defense contribution to the Cyber ​​security of the Netherlands and NATO) risks are identified, mainly at the state level, which tend to undermine the country's economy and vital infrastructure. Reference is also made to the practices of some unidentified countries which they knowingly enter malware inside Industrial Control Systems vital for the country, in preparation for a possible conflict. The strengthening and creation of new cyber capabilities is framed within the maximum cooperation with NATO and the Defense is called to invest in the following capacities:
- intelligence;
- contribute to military deterrence in the cyber field;
- cyber defense and protection of their networks and systems;
- research in the field of survival of national critical systems;
- military aid and support for civil authorities;
- collaboration with law enforcement agencies.

The document emphasizes the development of intelligence in the cyber sector, also in order to identify with the greatest certainty possible attackers to allow the technical, but above all political and legal, to take any countermeasures.

Regarding the contribution to military deterrence through cyber capabilities, the cyber ability to influence different domains and to be influenced by other domains is clearly recognized. Possessing a credible offensive capacity in the cyber domain is likewise recognized as a necessity as it acts as an effective deterrent.

The second chapter (cyber victory in operations) highlights the important role of cyber in the coming conflicts and the need to create interforce teams to be used on missions, including by integrating Defense Intelligence and Security Service (DISS) personnel. Recognized the importance of the cyber domain in military operations the step towards planning is short: in fact it is said that "the cyber point of view will have to be taken into consideration from the initial planning stage of each potential mission".

To conclude, in the third chapter (preconditions: personal, development of knowledge and innovation, cryptography), we highlight the impossibility of pursuing the objectives indicated above without considering certain preconditions:
- personnel: the need for in-depth knowledge and the lack of specialized personnel represents a risk. The Defense, consequently, will have to investigate the possibilities of recruitment and retention of cyber, civil and military personnel. Furthermore, the development of knowledge and innovation in the sector will have to be pursued. One of the tools to employ is the "Dutch Security Platform for Higher Educational and Research" (DCYPHER), which the Defense has joined. The chapter also refers to the need to work closely with the national industry that deals with systems or technologies that deal with state secrets.
Finally, the importance of cryptography and the need to continue the development of capacity in the sector are recognized.
Here is a summary of what is expected in the new Defense Cyber ​​Strategy of the Netherlands.

Naturally all this will have to be verified in light of the investments of the future years of the sector, since it certainly can not be achieved at no cost.

To learn more:
- https://blog.cyberwar.nl/2018/11/dutch-defense-cyber-strategy-2018-inves...
- https://english.nctv.nl/binaries/CSBN2018_EN_web_tcm32-346655.pdf
- https://www.thehaguesecuritydelta.com/news/newsitem/1167-ministry-of-def...