Artikel op Computerweekly.com: Dutch government ‘unambitious’ in digital

Directeur Petra Oldengarm heeft een bijdrage geleverd aan Computerweekly.com over de digitale ambities van de overheid.

The Netherlands has been working at home as much as possible since the outbreak of Covid-19, but its dependence on technology and connectivity does not seem to be reflected by the government’s approach to digitisation.

If there is one thing that the Covid-19 crisis has made clear, it is that the Netherlands must focus on strengthening its digital economy. Where the country’s physical infrastructure is a task for the government, the responsibility for facilitating digital ambitions and a future-proof economy rests on the shoulders of a few hundred predominantly Dutch small and medium-sized enterprises (SMEs).

Due to the country’s strong digital infrastructure, the economic damage caused by the coronavirus in the Netherlands remained relatively limited compared with other European countries. However, the government policy presented on Budget Day (Prinsjesdag) does not reflect a digital ambition with much coherence.

Petra Oldengarm is director of Cyberveilig Nederland, the organisation that represents security companies in the Netherlands. A few months before the government presented its plans, Cyberveilig Nederland wrote a vision document that it shared with the political parties. But too little of the advice from the vision document was reflected in government policy, said Oldengarm.

“Digitisation has become an inseparable part of our lives, but that is not sufficiently recognised by the government,” she added.

A positive step forward was the establishment of a permanent Parliamentary Committee on Digital Affairs, with effect from the next parliamentary term. “It is important that there is more coherence in the area of digitisation in politics,” said Oldengarm. “There are now just a small number of people within political parties who are looking into this subject, and some of them will be gone after the elections, so the question is whether the knowledge they have acquired will also leave with them.”

Digital policy is a necessity

An important element of digitisation in the Netherlands is cyber security. The millions of Dutch people who work from home pose considerable risks to the IT security of companies and organisations. This is evident from Veilig2020, the annual study of cyber security conducted by the Ministry of Economic Affairs. Attention to this subject is therefore not a luxury, but a vital necessity.

Reducing the Netherlands’ digital vulnerability is a common challenge that requires an active and stimulating role to be played by government and politics, said Oldengarm. “This is where we can draw a parallel with the pandemic,” she added.

“Virologists and immunologists have been warning of a pandemic for years, but apart from swine flu, as well as SARS and MERS, nothing really shook us up, until Covid-19 appeared at the beginning of this year. Even then, we first thought ‘oh, that’s only happening in China’ and then ‘that’s only happening in Italy’, but suddenly the virus was on the Netherlands’ doorstep too. And now we are struggling to keep it down.”

According to Oldengarm, this shows that there might be incidents, but meaningful action is only taken when there is a crisis.

Although the Dutch government has published various security reports, strategies and roadmaps in recent years, these only address part of the problem. Improved cooperation between different departments is essential to seize the opportunities offered by digitisation, said Oldengarm.

“We are missing central direction,” she said. “In fact, we would like to see a cyber commissioner appointed by the government. Similar to the Delta Commisioner who, as government commissioner, is responsible for the national Delta programme, including budget and power of perseverance.”

Oldengarm added that technological developments are moving so quickly that, in addition to a central management position, it is necessary to set up an independent cyber outbreak management teams for cyber security crises. “This team could advise the government in the event of a major incident with a high impact on society,” she said.

The Netherlands has the NCSC (National Cyber Security Centre), which focuses primarily on the vital sectors, said Oldengarm, “but many aspects also concern organisations that do not belong to the vital sectors”.

She added: “We wonder whether, in the event of an incident, a government body should only share its knowledge with a select section of Dutch organisations, namely the approximately 150 vital institutions, or whether it should also communicate more widely and jointly decide what is wise for the Netherlands’ resilience.”

Security in education

In fact, this resilience should start in primary education, said Oldengarm. In the Netherlands, primary schoolchildren hardly receive any lessons in cyber security or digital resilience. Not only is it important to train enough cyber security professionals, but it is also necessary to prepare Dutch youth for the digital future, she said.

“This requires a long-term approach,” said Oldengarm. “It’s not just about digital skills, but also about how you deal with security and privacy. It has to be a basic [IT] hygiene that children can take with them.”

She believes that the current lack of this is not a problem that can be solved quickly. “This, too, starts with government and politics,” she said “That’s where the plans are made and the policy for the Netherlands is drawn up.”

Oldengarm also foresees a danger that the current health crisis poses. “A lot of money is currently being spent on saving the economy,” she said. “Very understandable, but that money has to come from somewhere. We are going to have a lot of discussion over the next few years about what we are going to spend and save money on. At a time when the importance of digitisation is not being given a prominent place in the discussions on how money will be spent, that is worrisome.”  

That is one of the reasons why Cyberveilig Nederland has joined the coalition of (sector) organisations that want to raise digital awareness within the government. “We want to make it clear that the Netherlands is fully dependent on digital systems and that technology and connectivity are at the heart of almost all sectors,” said Oldengarm. “The government has to act accordingly.”

Lack of knowledge

Although a number of years ago, digitisation and cyber security did not feature at all in the Dutch government’s plans, this has now improved. But there is still a lack of coherence, central control and, above all, knowledge. “It must be about how we make the Netherlands digitally resilient,” said Oldengarm. “We have been working on that for years and the government has already taken a number of steps, but it is important to examine whether current strategy still applies.”

A number of years ago, said Oldengarm, it was determined which organisations and institutions belonged to the Netherlands’ vital sector. “But the world is changing, so we need to look at whether more organisations should now be addressed,” she said. “Take the current corona crisis. Healthcare and retail are not part of today’s vital sector, but when we started hoarding en masse in March, the shelves in the supermarkets were empty. I think many now agree with me that in certain situations, organisations of this kind are considered to be vital.”

Oldengarm argued that it is better to have the Dutch NCSC not only sharing information with the vital sector, but also with other organisations that are mature enough in their security to be able to handle this information.

Digitisation has increased enormously in recent years, but political knowledge on the subject is lagging behind. The most important appeal that Oldengarm, on behalf of the entire sector, wants to make is: “Bring central control and coherence to this subject. Every political party must provide someone who is a heavy dossier holder in this area and is committed to it.

“Moreover, politicians could and should make much more use of the knowledge and expertise from the market. As security organisation s, we would very much like to contribute to the suppression of incidents and the prevention of crises and increase the resilience of the Netherlands as a result.”

Lees het artikel hier.

Artikel op Computerweekly.com: Dutch government ‘unambitious’ in digital