Campus
Cybersecurity Act

Free coffee and a fun phishing quiz: TU launches cybersecurity campaign

TU Delft is running a campaign this week to raise awareness among staff and students about cybersecurity and to draw attention to its newly revamped website on the topic.

The stands will be located in Freezone B and E from Tuesday 16 June to Thursday 18 June, between 10:00 and 16:00 (Photo: Annebelle de Bruijn)

A brightly coloured square pillar at the entrance to the Library catches the eye of many passers-by. “Innovation moves fast. So do hackers,” reads one green side in white lettering. Another side features a computer screen where TU staff and students can take a quiz about phishing emails. On the screen appears an email containing a parking ticket for the campus: real or fake? With a firm press of the large yes or no buttons, participants can give their answer.

The pillar has been placed at the Library today to make staff and students more aware of the importance of cybersecurity and to promote TU Delft’s updated cybersecurity website. Free coffee and pens serve the same purpose. “The website went live this month,” explains TU staff member Merel Smits, awareness and communications consultant in the cybersecurity team. “It is now easier to find and it includes tips, such as how to store your data securely.”

Free coffee

Another pillar with a quiz and free coffee can also be found at Freezone B. Several TU staff members are present at the Library stand today to answer questions. One of them is Huib van der Zon. As a member of the cybersecurity team, his usual role is to advise staff from the faculties of Civil Engineering and Geosciences, Industrial Design Engineering, and Architecture and the Built Environment on cybersecurity.
“For example, they come to me with questions about servers or password managers.”

Huib van der Zon (in a purple shirt, centre of the photo) informs TU staff and students. (Photo: Merel Smits)

The timing of the TU campaign, which runs until Thursday 18 June, could not have been better. This month, the Cybersecurity Act (CBW), adopted in April, has been published online for public consultation. The CBW is the national implementation of a European directive, and the Dutch government aims to gain greater control over cybersecurity across the country.

For universities and universities of applied sciences, an important question beforehand was: how strict will this law be for higher education? Institutions had expressed concerns in advance, fearing that the proposed legislation might have unintended negative effects.

‘Important’ or ‘essential’

In practice, the situation appears less severe. The law distinguishes between ‘important’ and ‘essential’ entities to determine how strict supervision will be. For example, water companies are designated as essential entities and fall under a stricter regime. Publicly funded universities and universities of applied sciences are classified as ‘important’ entities, meaning they fall under a lighter supervisory regime.

TU staff member Merel Smits (in a red shirt) organised the cyber-awareness campaign. (Photo: Merel Smits)

According to the explanatory notes, supervision will take place only after the fact. This is considered sufficient, as educational institutions have already significantly strengthened their cyber resilience in recent years, following agreements with the Ministry of Education.

This situation is reminiscent of proposed legislation concerning the screening of Master’s students and researchers in ‘sensitive’ fields, which Minister Rianne Letschert postponed once again last week. The minister praised educational institutions for their existing efforts, stating that a broad screening would therefore not be proportionate.

‘Sensible’

Last week, universities described the minister’s decision as a “sensible reorientation”. They welcomed the emphasis on their own responsibility in matters of knowledge security. They also expressed appreciation for the additional funding allocated by the minister for knowledge security and cyber resilience (€80 million over the next five years).

The Inspectorate of Education will be responsible for supervision. This adds to its existing duties, such as financial oversight and monitoring social safety.

Educational institutions will also have a duty to report incidents. It is estimated that there will be around two incidents per institution, amounting to more than one hundred per year. The costs of this reporting obligation are expected to total approximately one million euros nationwide, according to government estimates.

Delta, Annebelle de Bruijn / HOP, Bas Belleman

Editor Redactie

Do you have a question or comment about this article?

[email protected]

Comments are closed.