Netherlands not prepared for large scale cyber attacks

The Netherlands is not well prepared for large-scale cyber attacks, the scientific council for government policy WRR said in a report on Monday. This applies to the Dutch government, but also companies and society as a whole, according to the council, reports.

At the moment there is too much "improvisation and gambling" in dealing with cyber attacks themselves and the consequences they entail, according to WRR. "With the increasing interaction between physical and digital, our economy, national security, and normal social life are endangered in unforeseen ways. There can be huge damage and real casualties", the council said. 

Over the past years, the Netherlands did a lot to prevent attacks, but attacks can never be ruled out completely, the WRR said. And not enough thought is given to what can be done to limit the damage of a large-scale attack. "The preparation for a digital disruption hardly gets any attention."

One major problem is that governments, organizations and companies have no clear picture of the parties they are dependent on. The 112 outage earlier this year is a clear example of that, a WRR spokesperson said to newspaper AD. "It illustrates the enormous interdependence, in this case between provider KPN, software companies that deliver to KPN and the emergency number, but it also shows how poorly prepared we were." The outage left emergency number 112 unavailable for hours. 

According to the WRR, it is vital that networks and suppliers are properly mapped. The council also calls for the establishment of a damages fund for victims of cyber attacks, because insurers often do not cover such attacks. 

The WRR is not the first institution to warn that the Netherlands is not taking cyber security seriously enough. This year alone the police, the national coordinator for counter-terrorism NCTV, the Court of Audit, and general intelligence service AIVD raised similar concerns.