Dutch companies must prepare better for attacks from Russia, China

Dutch companies are not yet sufficiently prepared for cyber or hybrid attacks from countries like Russia and China, intelligence experts told NOS on Monday. Waterworks, airports, and telephone traffic are all interesting targets in the Netherlands, and these suppliers don’t always realize how vulnerable they are.

“Cyber and hybrid threats are commonplace in the Netherlands,” Rob Bayer, who was NATO’s highest-ranking military officer until January of this year and now works as a security advisor at Deloitte, told the broadcaster.

Recent examples include the hack that exposed private police data last year and the drones spotted over several European airports a few weeks ago. “That’s not necessarily the cusp of a major conflict, but it’s a real test,” Bauer said. “The goal of these drone operations could be to frighten people and sow division, for example, to reduce European support for Ukraine.”

Bauer called it important to raise awareness of security and resilience among companies. “You notice that they’re still very much focused on shareholders and much less on preparing for a potential conflict.”

Several experts agree that there is still significant progress to be made in securing our vital processes and companies. “We're suffering from an affluence disease in the Netherlands. We think things will turn out fine, but we don't realize that things are really different now,” said Eric Schouten, who used to liaise with the business community for the intelligence service AIVD regarding threats from Russia and China.

And the risks don’t solely lie with the vital companies, said Willemijn Aerdts, an expert at Leiden University in the field of intelligence services. “You see that vital companies like NS or ASML already know exactly what they’re doing. In that case, malicious actors also look at the suppliers of those companies,” she said. “It could be a company that supplies raw materials, but also a caterer. That sounds like a strange example, but it could be the route in an attack.”

Schouten agrees with that. Companies that don’t consider themselves “vital” are less concerned with their resilience, he told the broadcaster. “Many defense suppliers, for example, primarily manufacture their products for other sectors. These companies still have a lot of naivete about security.”

In Warsaw, Poland, parliamentarians from the NATO states will discuss these threats on Monday. Security advisor Bauer doubts whether they will come up with concrete solutions. These attacks can never be prevented completely, he said. “It's difficult to properly protect yourself against hybrid attacks. You can't prevent a ship from entering the North Sea, for example. At best, you can become faster or better at detecting them and, if necessary, attacking them,” he told the broadcaster.