“A sectoral approach is often the only effective option for cyber resilience”
Digitalisation allows us to innovate and stimulates economic growth. At the same time, it increases our dependence on digital systems. When developing new technologies, cybersecurity is often not considered, which leads to risks for the continuity of businesses and our economy. Security Delta (HSD) strengthens the cyber resilience level of the Netherlands on several levels. Innovation Liaison Bert Feskens explains how we do this in practice.
“Within the security cluster HSD, businesses, knowledge institutions and governments collaborate on developing security solutions for our increasingly digitising world. They also share knowledge and expertise”, explains Feskens. “As a cluster, we contribute to the strengthening of the cyber resilience level of the Netherlands in close collaboration with organisations such as Digital Trust Centre, NCSC and Connect2Trust.”
“We advance cyber resilience on three different levels. First, by raising cybersecurity awareness and the cyber resilience level of small and medium enterprises (SMEs), to reduce the risks there. This is especially important because SMEs comprise the largest group of businesses in the Netherlands. Cybersecurity is not exactly at the top of the list of their priorities, even though 1 in 5 entrepreneurs falls victim to cybercrime. This lack of urgency leads to increased risk, which these business owners don’t always realise. Because of this, we share advice and best practices from the security sector with important economic sectors, as well as through our Cyber Kracht platform aimed at businesses in The Hague. When these businesses become more aware of the cybersecurity risk they face, they will pay increased attention to cybersecurity within their organisation and ultimately become more resilient. This sectoral approach is the most effective option, which I will elaborate further on.”
“The second level where we’re focusing our cyber resilience efforts on is with IT professionals, who often still don’t incorporate cybersecurity enough within their daily practice”, Feskens continues. “We for example connect this to our Human Capital programming. Through education and training on cybersecurity, these professionals can better support SMEs with implementing the necessary cybersecurity measures.”
“Thirdly, when awareness for cybersecurity grows, so too will demand for cybersecurity services and products, since SMEs and IT professionals with limited knowledge of cybersecurity won’t be developing their own cybersecurity products and solutions. HSD ensures that the cybersecurity professionals from our HSD-partners can learn from and with each another. This leads to new insights and innovative solutions. The products and services developed within the security sector are crucial to make the Netherlands and the world more secure. That is why we focus on scaling up security solutions developed in the Netherlands both nationally and internationally. We’ve for example set up multi-year economic development programmes to multiple focus countries. With this combination of three levels, we can make a true difference”, Feskens summarises.
Sectoral approach as the solution
“Considering the large number of SMEs, and the limited availability of resources, a sectoral approach seems to be the most effective option to truly raise cyber resilience on a larger scale”, Feskens states. "This approach also allows us to reach the end user of these solutions, which can be challenging without collaboration." Feskens sees scaling as an important opportunity to create societal impact. HSD brings together and connects initiatives to prevent fragmentation and compiles best practices.
“We often see that businesses don’t take into account the cybersecurity vulnerabilities within their supply chains”, Feskens says. “Even if your business has everything under control within your own organisation, there’s always the risk that your suppliers suddenly fall away because of a cyberattack. This way, your business will still get negatively impacted because of a lack of cyber resilience within the supply chain.
"This shows that collaboration and a shared responsibility for cybersecurity in the supply chain are crucial. We want to reach the demand-side of the market by working together with imporant strategic partners, such as InnovationQuarter, Greenport West-Holland, Leiden Bio Science Park, ZIE Hi Delta, and other sectoral organisations. As a best practice, we’ve founded the Cyber Resilience Centre Greenport together with ten key organisations from the horticulture sector, a large economic sector in the Netherlands,” Feskens sums up.
"On a regional level we closely collaborate with the municipality of the Hague, Metropolitan Region Rotterdam the Hague (MRDH), the province of South-Holland, and the Economic Board of South-Holland. On a national level we find opportunities to scale by collaborating with the Digital Trust Center (DTC), NCSC and Connect2Trust. Our collaboration in this is crucial," he concludes.
Cyber Resilience Centre Greenport
The Cyber Resilience Centre Greenport (‘Cyberweerbaarheidscentrum Greenport’) is an initiative that helps companies within the horticulture sector to raise their cyber resilience. This includes an extensive programming of direct support to implement cybersecurity measures, pratical workshops, a helpdesk, an ISAC, a toolbox, an online portal and threat intel. Access to timely and relevant threat intelligence is important to be well prepared against cyber threats. However, to this day, organisations that are not part of the critical infrastructures have limited access to top-level threat intelligence.
Feskens explains how this has been made possible: “Cyber Resilience Centre Greenport works in close collaboration with Connect2Trust, a recognized organisation by the Minisstry of Justice and Security to share this intelligence. The threat information that Connect2Trust shares from, among others, the National Cyber Security Centre and the Dutch Security Reporting Point, has therefore become an integral part of the Cyber Resilience Centre Greenport's services. Through this connection, the horticulture cluster has gained access to threat intel that usually is only available for sectors assigned as critical infrastructures. This is a large step for the sector and shows that, as Cyber Resilience Centre Greenport, we play an important role in reaching solutions at sectoral level”.
“The cyber resilience centre is set up in such a way that the concept can be used for other sectors besides the horticulture sector”, Feskens explains. “In time, our goal is to help set up cyber resilience centres for other sectors as well. We’ve made a template for all the individual parts, which means that a large part of the preparation work won’t have to be done again. This year we will be looking at a first application of this concept in the Life Sciences & Health sector and the manufacturing sector.”
Cyber Kracht: Cybersecurity for small businesses in the Hague
“A sectoral approach would be effective in many cases, but, with that, a large part of SMEs outside of these sectors obviously still wouldn’t be reached”, Feskens says. “That is why we launched Cyber Kracht. This is a platform for entrepreneurs in the Hague that want to increase the cybersecurity of their businesses, but don’t have a large budget to do so or simply don’t know where to start. For most SMEs, cybersecurity is far from a primary process, which makes it difficult to reach this group. They also don’t tend to look for information themselves because they see the subject as intimidating. Also, they believe that they won’t fall victim because they’re not of interest to cyber criminals.”
Cyber Kracht is a platform where practical tips and tools for digital security are shared in the form of short videos. With this, entrepreneurs are encouraged to implement the basic measures to protect themselves against cybercrime and to act in case they are hit by a cyberattack. Cyber Kracht’s goal is also to make sure that this information reaches the target audience, Feskens explains. “We proactively approach business owners ourselves, for example by taking part in business events and SME meetings in collaboration with the police or a victim of cybercrime that wants to tell their story.”