Go to content

Cyber crisis drills boost the Netherlands’ resilience

News item | 23-08-2024 | 16:00

The Cabinet has approved Justice and Security Minister Van Weel’s proposal to send the ISIDOOR IV evaluation report to the House of Representatives. In this report, the COT (Institute for Security and Crisis Management) shares findings and recommendations from the fourth edition of ISIDOOR, a nationwide cyber drill that the National Cyber Security Centre (NCSC) and the National Coordinator for Counterterrorism and Security (NCTV) organised last November. ISIDOOR brings together public and private organisations to rehearse their response to a cyber attack. The fourth edition saw 120 organisations and over 3,000 individuals take part.

Findings and recommendations

The COT noted clear improvements compared to previous ISIDOOR drills. While ISIDOOR III highlighted ‘delayed information sharing’ as a stumbling block, ISIDOOR IV saw affected parties exchanging information clearly and directly. Of course, recommendations were also made, including:

  1. As escalation to the national crisis structure is still new and unfamiliar for some participants, questions about how national escalation affects roles and responsibilities need to be addressed.
  2. Due to a wide disparity in organisational cyber crisis preparedness, lagging organisations should prioritise their own preparation for the sake of national resilience.
  3. Awareness needs to be raised of the criteria and incident reporting procedure under the Security of Network and Information Systems Act (Wbni).

Minister van Weel, Justice and Security: ‘Practising and learning how to handle cyber crises together strengthens our nation’s resilience. We’ll apply ISIDOOR’s lessons in practice and future drills. It’s crucial for all businesses and organisations to be prepared for cyber and other crises. Don’t delay in making your organisation resilient – start today!’

About ISIDOOR

During ISIDOOR, there are drills of the arrangements, structures and processes outlined in the National Digital Crisis Plan (LCP-Digital). The NCSC plays an operational coordination role in this regard. Participants are organisations that have a role during or are involved in a digital crisis, whether occurring or imminent. The focus is on practising information exchange, national escalation procedures, and enhancing cooperation between vital and central government bodies. These joint drills help all involved parties to better understand each other, clarify roles and responsibilities, and ultimately improve cooperation. Participating organisations also conduct drills of their own crisis structures.