In their report “Preparation for digital disruption”, the WRR states that preparation for digital disruption needs to become part of the security policies aimed at the continuation of societal processes. Cybersecurity alone, however important, is not enough. Resilience to digital disruption requires action from all actors and stakeholders in a network or chain.
Digital disruption, whether caused by cyberattacks such as WannaCry or NotPetya or other factors such as human factors or broken servers, increasingly impact vital infrastructures in our society. Additionally, they bring high economic and societal cost with them which can run into hundreds of millions of euros, and as digitization develops a growing risk of potential damage or victims. Lastly, attacks on critical infrastructures are used in geopolitical conflicts, with a blurring concept of borders and growing influences on processes and strategic positions of other countries. In order to better prepare for these increasing threats, the WRR suggests the following:
- Create a clearly outlined lawful authority for digital crisis/emergency response teams;
- Establish a Cyberdependency overview, which clarifies which parties, processes and services are crucial for the vital processes that our society depends on;
- More attention to be directed at chains and networks that support vital processes, and whether digitization of these processes call for a change in prioritizing;
- Stimulate research into the feasibility of a Dutch or European cyberpool for insurance of damage caused by digital disruption;
- Use national and international incidentdata to learn from previous cases and improve prevention for future disruptions.
In several studies, activities and programmes the above mentioned (digital) resilience is or should be an important element. The Smart Secure Resilient Cities programme for example suggests topics like data ownership, cybersecurity, public-private partnerships and chain-dependencies in projects to improve resilience in Smart Cities. The Smart Society Declaration signed in 2019 aims at multi-party cooperation and innovation to help develop the Dutch 'smart society'. The DRIVER+ programme stimulates the uptake of innovative solutions by practitioners to improve Europe’s resilience to crises and disasters. The recently published CBS Cybersecurity Monitor 2019 notes an increase in companies taking several technical measures to protect themselves against cyber-attacks and looks at behaviour of individuals at the same time. However, there is no measure yet for chain dependencies and propagation effects. Turning to the importance of cooperation between chains and networks, the e-book Social Innovation Techniques explained in 2017 how different chains and networks can work together to improve security.
The official release can be found on the WRR-website.