The Dutch Critical Infrastructure under NIS2 Directive: A Cybersecurity Risk-management Approach.
Summary
Digitalisation is currently a hot topic in the EU and the Netherlands specifically, as EU- level NIS and NIS2 Directives have arisen to achieve a high level of cybersecurity. However, these directives and the speed at which they must be met are a double-edged sword. Though it allows for better connections and eases in monitoring the daily online activity of Member States that share a common interest in cybersecurity, the regulations are rather slow to adapt to the quickly changing nature of ICT systems. Further, every Member State has different levels of digitalisation and different resources at its disposal to reach and maintain a high common level of digitalisation.
To ensure the uninterrupted provision of vital services such as transportation and digital infrastructure, it is imperative that the critical infrastructure of EU Member States is prepared to confront cyber-attacks, system vulnerabilities, and risks in the digital domain. The implementation of a robust and actively enforced risk-management framework plays a crucial role in this regard. When essential processes like electricity or water supply, management of shipping traffic, or payment transactions become targets, society can be brought to a standstill for an unknown period of time.
In light of this, the EU legislative framework tries to be updated to present times after different digital proposals such as NIS (1&2), CER, CRA, or DORA, but there is often a misunderstanding of what these laws mean in practice and what extent national entities are responsible for implementing them.
This research work explores the extent to which cybersecurity risk-management measures in light of the NIS2 Directive are effectively monitored, developed, and practiced by Dutch governmental entities, as well as private organisations’ effect on the public enforcement of the measures, and the extent to which these measures are complied with in practice. Lastly, this research work comes up with policy recommendations to address the challenges encountered in practice.