Intelligent CIO Europe Issue 56 | Page 53

COUNTRY FOCUS : NETHERLANDS need to take the next step towards raising the level of cybersecurity in the EU , to prevent that cyber incidents disrupt our society .”
Minister Micky Adriaansens of Economic Affairs and Climate Policy , also commented : “ We should remain alert to the risks of cyberattacks , which can have huge consequences , such as empty shelves in shops or production stoppages at industrial plants . It is the responsibility of businesses and consumers to take cybersecurity precautions . That having been said , this legislation will enable us to take a step forward in raising the level of cybersecurity among medium-sized and large entities in key sectors .”
Improving cybersecurity in supply chains and handling of incidents
Under the current Network and Information Security Directive , the Dutch government has already identified providers of essential services ( such as banks , drinking water suppliers and energy suppliers ) and digital service providers that must adopt cybersecurity measures and report serious cyber incidents . This is also supervised . The National Cyber Security Centre ( NCSC ), part of the Ministry of Justice and Security , offers support and advice to the providers of essential services , while the Computer Security Incident Response Team ( CSIRT-DSP ), part of the Ministry of Economic Affairs and Climate Policy , offers this to the relevant digital service providers .
The number of sectors covered by this legislation will be significantly increased from mid-2024 . Under the new NIS2 Directive , service providers will be classified into two categories : essential service providers and important service providers . The essential service providers , mainly consisting of entities operating in key sectors in the Netherlands , will be proactively supervised . The important service providers will be subject to a reactive supervisory regime , whereby supervision is triggered by indications of an incident . The latter are mostly medium-sized and large entities where a potential disruption of services would not have serious societal or economic consequences . In addition to the reporting obligation , all service providers in scope of the NIS2 Directive will be required to take security measures as part of their duty of care . This concerns , among other things , taking steps to increase the security of their supply chain and to ensure proper handling of cyber incidents . p
www . intelligentcio . com INTELLIGENTCIO EUROPE 53