Defence Cyber Strategy

1. Getting cyber professionals interested, getting them on board and further developing their skills

To be successful in the digital age, the Defence organisation needs people with in-depth knowledge. To be an attractive employer for these cyber professionals, the organisation has a flexible attitude regarding personnel policy and salary scales. By promoting the development of career patterns and the exchange of personnel between different elements within the organisation, the Defence organisation also wants a stronger focus on cyber as a field of expertise throughout the whole organisation. This requires cooperation with external parties such as universities and the commercial sector.

2. Effective innovation and acquisition

To keep up with the fast-paced developments in digital technology, the Defence organisation will change its procedures wherever required. The armed forces must be capable of rapidly developing cyber assets to answer the need for operational requirements that can be either defensive or offensive. In addition, the Defence organisation is implementing faster and easier procedures for acquisition and innovation.

3. Joining forces and working together

Cyber knowledge, assets, personnel and capabilities are bundled wherever possible. Cooperation with national and international partners is also important:

• Within the Defence organisation – joining the efforts of the organisational elements leads to an effective use of scarce assets and expertise.
• With other government bodies – to strengthen national digital resilience, the Defence organisation structurally cooperates and practices with organisations such as the National Cyber Security Centre (NCSC). The Royal Netherlands Marechaussee works closely together with the Ministry of Justice and Security and the Public Prosecution Service. This includes testing whether the use of cyber assets during military operations is permitted.
• With the commercial sector – joint research programmes, the development of capabilities and cooperation in education and training are key.
• With international partners – NATO can support the Netherlands in preparing security standards for Member States, in promoting a better exchange of information and knowledge and in making sure that countries can better operate together.

4. Knowledge and cyber awareness: broadening and widening

Education and training ensure cyber knowledge is embedded in all layers of the organisation, that also developed a digital course to make Defence personnel aware of the opportunities and dangers of the digital world. The Defence organisation invests in the education of all personnel in the areas of IT and Communications and Information Systems. This ensures that it can detect cyber attacks and incorporate protective measures even faster.

Further strengthening of digital assets

5. Strengthening digital resilience

The Defence organisation will set up a Security Operations Centre. This centre monitors and protects all Defence networks, IT services and systems in the Netherlands and areas of operations. The Defence organisation will also give priority to the development of assets that facilitate the exchange of highly classified information. The General Security Requirements for Defence Contracts will be updated. These describe how external service providers must deal with classified information from the Defence organisation.

6. Strengthening digital intelligence

To obtain and retain sufficient freedom of movement in the digital domain, modernisation of the 2002 Intelligence and Security Services Act is required. Access to telecommunications is a condition for identifying cyber attacks at an early stage. The Defence organisation aims to strengthen the Joint Sigint Cyber Unit (JSCU), the joint cyber unit that was established in 2014 by the Defence Intelligence & Security Service and the General Intelligence & Security Service.

7. Strengthening cyber assets during missions

To enable the use of digital assets in military operations, in the coming period the Defence organisation will specifically focus on:

• the further development of a Defence Cyber Doctrine;
• developing offensive cyber assets and preparing guidelines for the preparation of cyber units and assets with a flexible design;
• setting up defensive digital assets during missions;
• developing cyber assets and cyber intelligence assets for tactical use;
• integrating cyber aspects in the operational decision-making process, before and after operations.

The Defence Cyber Strategy was updated in February 2015. The previous version was published in 2012.