The government is working on a bill to improve cybersecurity in the Netherlands. It may also apply to higher education institutions. This would make education administrators co-responsible for the resilience of their institutions.
Server park. (Photo: Imgix via Unsplash)
“Today it’s Eindhoven University of Technology that’s affected, but tomorrow it will be our energy supply or our operating rooms”, said Barbara Kathmann (GroenLinks-PvdA) during question time in the House of Representatives on Tuesday.
Kathmann wants all vital sectors (such as ports, hospitals and education institutions) to make a 48-hour plan to quickly get their ICT systems up and running again or to continue on an ‘analogue’ basis otherwise.
State Secretary of Justice Teun Struycken (NSC) answered her questions. A bill will be sent to the House of Representatives to enhance cyber resilience. It will become mandatory for the health care and public sectors, but also other sectors like the food industry, to take security measures. Those measures will also cover the response in the first 48 hours, he expected.
Cutbacks
That law may also apply to higher education institutions. Kathmann saw this coming and she also knew that more money has been earmarked for cybersecurity. But if the government is making drastic cutbacks at higher education institutions at the same time, how will this impact their cybersecurity?
Cybersecurity is a key priority, Struycken responded, not an afterthought. “This prioritisation will have to be reflected in the deployment of people and resources.” In other words, institutions also need to have their security affairs in order on a tight budget.
Others also got involved in the debate. That new law is to make higher education more resilient, but does the government know how things currently stand when it comes to the ‘cyber resilience’ of higher education as a whole, Jesse Six Dijkstra (NSC) wondered. Struycken didn’t know. Stock is currently being taken of this, he said, for one thing to determine whether or not the law will apply to education.
Co-responsible
Don Ceder (ChristenUnie) wanted to know more about supervision of cybersecurity. He referred to the headline-making attack on Maastricht University five years ago. How do we know if Eindhoven learnt anything from this?
The investigation in Eindhoven is ongoing , Struycken responded, so it’s not clear what the matter is exactly. This investigation will surely reveal if anyone dropped the ball.
The new law will make administrators co-responsible for the security measures, he added. So this may also apply to administrators at higher education institutions. “This means they’ll have to take a course to adequately carry out the supervision.”
HOP, Bas Belleman
Translation: Taalcentrum-VU

Do you have a question or comment about this article?
redactie@hogeronderwijspersbureau.nl
Comments are closed.