With new legislation, the European Commission and the Netherlands aim to increase the digital resilience of European businesses and consumers. Earlier this year, for instance, the Network & Information Systems Directive (NIS2) already came into force across the EU and hard work is being done on the new Cyber Resilience Act (CRA). But what do these European directives mean for member states' cybersecurity? At the two-day international cybersecurity conference ONE Conference in The Hague, several leading speakers will discuss the new legislation in detail.
Cybersecurity is one of the most relevant topics on the global agenda. Now and in the future. At the ONE Conference, we will take an in-depth look at the most important developments. What is going on now, what can we expect in the coming years and perhaps the most important question: how can we arm ourselves and make ourselves resilient against cyber threats, from criminal or state actors? During the ONE Conference, some 1,500 cybersecurity professionals from around the world will gather to enrich their knowledge, exchange experiences and establish new collaborative relationships. One of the topics discussed extensively at this year's ONE is new cybersecurity legislation.
For instance, on 16 January 2023, the new EU directive NIS2 officially entered into force. This means that EU member states have until October 2024 to transpose this successor to the first NIS - Network & Information Systems Directive - into national legislation. What exactly NIS2 means for member states like the Netherlands and why the law is so important is explained by Lorena Boix-Alonso in her keynote speech at ONE. As director of Digital Society, Trust and Cybersecurity for the European Commission, she is closely involved in the development and implementation of the European cybersecurity law.
No room for non-commitment
"The NIS2 requires member states to more firmly enshrine in law the roles and responsibilities of organisations and companies around cybersecurity and to monitor compliance," Boix-Alonso said. She argues that the NIS2 is crucial to achieving a digitally resilient Europe. "The landscape of cyber threats is evolving rapidly in today's geopolitical environment. With the NIS2, the EU aims to build a robust European cybersecurity policy framework. It obliges European member states, companies and organisations to raise the level of their cybersecurity. There is no more room for non-commitment in the cyber domain; the potential consequences of a cyber attack are too serious for that. That means work to be done," Boix-Alonso argues. "All member states really need to get to work to ensure that they transpose NIS2 into their national laws and regulations quickly."
Pooling knowledge and skills
Minister Dilan Yeşilgöz-Zegerius (Justice and Security): "Cyber criminals and hostile states are becoming increasingly clever and effective in stealing money and information digitally or sabotaging organisations and processes that are important to our society. That threat will not diminish any time soon now that there is war on the EU's eastern borders. In the run-up to the NIS2, we are tackling all measures, which can strengthen our digital security. Therefore, we need to combine our knowledge and expertise from DTC, CSIRT-DSP and NCSC to ensure that we stay one step ahead of these malicious actors. The revamped organisation will be founded on the strengths of the current organisations. This will enable the new national cyber authority to provide appropriate information and knowledge to all organisations in the Netherlands, large or small, public or private, vital or non-vital, and provide assistance in the event of incidents. I am therefore pleased that the organisations are already working together as much as possible so that we can already better defend against cyber attacks even now."
Minister Micky Adriaansens (Economic Affairs and Climate) stressed that due to the increased and increasingly complex cyber threats, this integration of NCSC and DTC is crucial. "The importance of digital resilience for our society and economy is increasing all the time. For example, if the internet fails due to a cyber-attack, this leaves shops empty or even industrial production down. Digital devices and systems offer economic opportunities and consumer convenience, but also make us vulnerable. We therefore increase the legal cyber requirements on devices and services themselves. But also invest in knowledge sharing and expertise in large-scale incidents. That works best with a single government desk where organisations and businesses can get support."
More European cybersecurity legislation
NIS2 is not the only new European cybersecurity law that countries and companies will have to deal with. For instance, Europe is also working on the Cyber Resilience Act (CRA). This law requires manufacturers to provide all hardware and software products they market in Europe with adequate cyber security. "The CRA should ensure that companies take the security of products with digital elements seriously and develop products with fewer cyber vulnerabilities," said entrepreneur and software developer Bert Hubert. Hubert will discuss the CRA in detail at ONE, as well as other new European legislation such as the EU Digital Operational Resilience Act and Cyber Solidarity Act.
Organisation ONE Conference
The ONE Conference at the World Forum in The Hague is organised by the Ministry of Economic Affairs and Climate (EZK), the National Cyber Security Centre (NCSC), part of the Ministry of Justice and Security, and the municipality of The Hague. With the ONE Conference, they aim to encourage and facilitate cooperation and knowledge sharing in the field of cybersecurity.
Saskia Bruines, alderman of the municipality of The Hague: "Especially for The Hague as one of the four major cities in our country, as seat of government and as city of peace and justice, digital security is a major and growing theme. It is not for nothing that the ONE conference is taking place here. We are proud to facilitate this important exchange on digital security in our city once again. The NIS2 directive makes an important contribution to the digital resilience and cyber security of government organisations and businesses. And that is much needed, especially given the sharp increase in cyber attacks."
More information about the ONE Conference can be found on the website www.one-conference.nl