The government’s national and international cybersecurity policy has done a good job in recent years, but there are also the necessary challenges and points for attention. For example, the interdepartmental management is inadequate and there is a lack of an unambiguous strategy that is up-to-date. The next cabinet will work on the recommendations and insights of the International Research and Policy Evaluation Department (IOB).
This is what Ben Knapen, outgoing Minister of Foreign Affairs, the successor of Sigrid Kaag, writes in a letter to the House of Representatives. In it he responds to the conclusions and advice of the IOB, which is part of the Ministry of Foreign Affairs.
‘International cybersecurity policy more urgent than ever’
International cybersecurity policy is aimed at preventing and limiting the consequences of cyber threats and attacks by foreign powers, state hackers and other malicious actors. It is a relatively new policy area for the Dutch government. In order to assess the state of our country and how effective the policy is, the government has asked the IOB to evaluate the national and international cybersecurity policy that was pursued between 2015 and 2021. The result is the report ‘Improve the connection’
The authors of the report note that digital attacks that originate from abroad take place on a daily basis. Only part of it is actually publicized. The consequences for citizens, companies and governments, on the other hand, are tangible. The cyberattacks have caused a divide internationally. On the one hand, there are (mostly Western) countries that symbolize a “global open, free and secure internet”. On the other hand, there are countries such as Russia and China that want to restrict free access to the internet and information for citizens.
“All this makes the international cybersecurity policy of the Ministry of Foreign Affairs more urgent,” the researchers say. In their own words, good work has often been done in recent years and many things have been achieved. However, there are also challenges and areas for improvement.
‘Departmental compartmentalisation ensures that policy is not always coherent’
The Ministry of Foreign Affairs is not the only department involved in the implementation of international cybersecurity policy. According to IOB, cooperation between the ministries improved during the evaluation period. Nevertheless, the researchers found several coordination and collaboration problems. For example, the research report states that departments still too often work at cross-purposes, they are not always sufficiently aware of each other’s work, they do not always make sufficient use of the expertise of other departments, and they do not always cooperate sufficiently with each other. “As a result, threats and opportunities are missed, work is inefficient and policy is not always coherent,” the researchers write.
The main cause of this is what is known in The Hague as ‘departmental compartmentalisation’. This means that ministries set their own priorities and often do not take the objectives of other ministries into account when implementing policy. This is because there is no departmental-overarching cyber strategy and the international cyber security policy is not centrally managed.
In order to do something about these problems, the IOB advises the government to investigate how cross-departmental management can help to shape the interests of various ministries. By formulating a cross-department cybersecurity strategy, it is easier to determine the right course. In this way, the cabinet is connecting various policy themes and avoiding conflicting interests.
Clear division of labour should relieve TFC workload
In 2015, the Ministry of Foreign Affairs established the Cyber Taskforce (TFC). According to the researchers, the working group has ensured that our country has achieved a strong international position and has developed important instruments for implementing cybersecurity policy. However, there are things that need improvement. For example, there is no unambiguous up-to-date strategy and policy frameworks are not clearly defined. As a result, it is unclear which tasks do and do not fall within the scope of the FTC. This adds to the task force’s already high workload.
The first recommendation in this area is to develop a new strategy for the international cybersecurity policy of the Ministry of Foreign Affairs, in addition to a transcending cyber strategy. This should provide more clarity about the tasks that fall within the scope of the TFC. The researchers also argue for periodic ‘strategic reflection’. This forces policymakers to think about possible future developments and threats, and how politicians can respond to them. The IOB also recommends reducing the workload at the TFC, for example by assigning responsibility for certain activities or files to other departments.
The last recommendation of the IOB concerns the capacity, means of communication and expertise at the Ministry of Foreign Affairs. According to the researchers, the TFC needs extra manpower. The ministry should also consider ways in which knowledge and expertise about cybersecurity can be obtained and retained. Finally, the IOB recommends investing in secure and well-functioning means of communication for sharing confidential information.
New cabinet must get started with recommendations
In a reaction to the report, outgoing Minister of Foreign Affairs Ben Knapen said that the evaluation offers “good handles for substantive and practical reinforcement of Dutch policy with regard to international cybersecurity policy”. The minister says that the advisory report comes at a good time. “A lot is changing, economically and geopolitically: the world has become more complex and unpredictable, power relations are shifting and new superpowers such as China are gaining influence. That creates new opportunities and threats.” Knapen calls these developments “one of the major security issues of our time”.
There is no lack of urgency to act on the recommendations in the advisory report. Increasing threats such as ransomware, 5G, Internet of Things (IoT), artificial intelligence, smart algorithms and quantum computers offer ‘inexhaustible possibilities, but are also part of a ‘geopolitical struggle’. “Given these developments, the permanent digital threat and the increasing dependence on digital resources, a firm commitment to continuing to strengthen an assertive international cyber policy under a new cabinet will be necessary,” said Minister Knapen.
However, he says that it is up to his successor to make it work. “It will draw on the valuable insights and useful recommendations that the IOB has made.” Minister Knapen promises to keep the House of Representatives informed about the latest developments in the international digital domain.
Catch up on more articles here
Follow us on Twitter here