During the opening day of the Dutch Parliament (Prinsjesdag) the government announced significant investments for the Ministry of Defense to be spend on cybersecurity. These investments consist of tangible resources as well as more strategic initiatives. To mention a few:
- An additional annual budget of €26 million to be invested in cybersecurity. This budget will benefit all organisations involved in cybersecurity such as the AIVD and MIVD. The NSCS will coordinate all activities.
- Off this budget €2.5 million is reserved to set up a Digital Trust Centre to support Dutch companies with cybersecurity issues.
- The National Detection Network will receive €12.9 million annually.
To put these numbers in context let’s take a look at some other countries. For example the UK plans to invest €2.1 billion in cybersecurity over the next 5 years as outlined in its National Cyber Security Strategy. In Israel an amount of €580million (VC money) was invested in cybersecurity startups in 2016, an increase of 23% compared to 2015.
So how much security will €26million buy us? It is difficult to quantify the need for security in euro’s. The economic impact of cyber-crime has been estimated to have risen five-fold between 2013 and 2017. The fact that security risks and potential impact are difficult to assess makes any amount of security investment questionable; how much do you really need to be fully protected against cybercrime? Maybe the question should not be how much is necessary, but how it will be invested.
National Cyber Security Centers
The initiative for a local Digital Trust Centre (Netherlands) is in line with other local initiatives (Cyber Security Innovation Centre UK) and pan-European initiatives for a European Cybersecurity Agency. Clear guidelines, pan-European cybersecurity exercises, a certification framework are just a few of the issues that could be tackled by local and pan-European institutions.
In addition, there is a need to expand existing ecosystems. The UK for example has stated that one of the main areas of attention is to innovate and develop its ecosystem. “The government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognising where industry can innovate faster than us. This includes a drive to get the best young minds into cyber security.”
The Dutch Ministry of Defense (MoD) recently announced FRONT (Future Relevant Operations in Next Generation Technology), an initiative where the MoD will look at partners outside its natural habitat.
Where the MoD used to work with knowledge institutions, defense related companies and other governmental institutions it now also aims for partnerships outside its traditional ecosystem. To achieve this, it will work with innovators and incubators such as Yes!Delft.
During the most recent Future Force Conference, MoD already acknowledged the need to partner with their tag line: “FutureForceConference2017: combining our efforts for a more secure world.”.
One of the key takeaways from the conference was to further develop the defense organisation as a platform for practical innovation for other players in the ecosystem. This will be done by creating easier points of contacts within the organisations, as well as enabling informal relationships and connecting networks.
So strategic innovation goals have been set and the partner ecosystem to execute on it is being built as we speak. Not only is the traditional partner landscape addressed, partners outside the existing ecosystem are also recruited, addressing for example IoT, smart cities, intelligence and simulation technologies.
Startups & Technical Talent
Crucial for technology innovation in the Defense industry remains the ability to attract talented security professionals. Israel leads the way in this respect. Israel has a strong reputation with regard to training and educating young defense professionals to the highest standard. It is no coincidence that many of Israel’s cyber security CEO’s are former members of the Israel Defense Forces. Next to the high level cyber-defense training provided by the IDF, there’s also the Talpiot program. Graduates of the Talpiot program pursue double higher education while serving in the army, and then utilize their expertise to further IDF research and development in technological leadership positions. The program was inaugurated in 1979 (Wikipedia). In Israel, when people leave the army at 21, they are cyber trained at the highest level, resulting in a thriving cybersecurity startup landscape.
In the Netherlands the Defense Cyber Command (part of the Royal Dutch Army) is responsible for the cyber security of the Netherlands. This command is operational as of 2017, but it does not have the elite kind of training that matches the likes of Israel. Startups with military roots are rare if not non-existent in the Netherlands. There are however some interesting cybersecurity start-ups such as RedSocks, Robot Robots Company, Zivver, EclecticIQ, Cybersprint and SecurityMatters that are among the ones that recently received significant funding.
Cybersecurity becomes more relevant once security threats increase. In 2016 Europe had to deal with more than 4000 cyberattacks on a daily basis. 80% of the European companies had to deal with cyber security attacks in 2016. Once the threats increase the perceived need for security prevails.
Talk the Talk
A budget of €26 million is peanuts compared to other countries or to industry standards. Even as a proportion of the overall defense budget it is marginal (< 0.3%). With the communicated initiatives and budgets reserved it seems like the Netherlands talks the talk with respect to Cyber Security. The question is: when will it really walk the walk?