In 2012, Netherlands Will Establish Mandatory Breach Notification for Vital Sectors

On July 6th the Dutch government stated that legislation will be established later this year that will require organizations in the following six vital sectors to notify the Dutch government about security breaches:

  • electricity
  • gas
  • telecom
  • transport (Schiphol airport, mainports Rotterdam)
  • drinking water
  • surface water management

The requirement will also apply to the financial sector and to the government itself. It is stated that the impact of disruption of service is large in each of these sectors, and that cascade-effects to other sectors can easily occur, making large-scale societal disruption a real risk.

The security breach notification requirement will be tuned to legislation and regulations at national and European levels. Helping prevent societal disruption will the primary concern. The National Cyber Security Center (NCSC) will offer help and advice to the organization or to the sector, intending to end the breach and limit effects of the breach that could also occur elsewhere. In case the crisis structure is scaled up,  the NCSC can account for operational response within that structure. By publishing security advisories, the impact at third parties can be limited.

In order to act quickly and prevent possible societal disruption, the government seeks public-private partnership. In case of a threat of societal disruption, the government must be able to intervene. Therefore, the government gets increasing sectoral intervention possibilities at its disposal. This includes the authority to obtain information, the authority of administrative enforcement of designations and the authority to appoint an officer on behalf of the government.

With this legislation, the Dutch cabinet implements the motion Hennis-Plasschaert  (VVD party) that emerged in the aftermath of the DigiNotar incident and asks for mandatory security breach notification for organizations involved in vital information systems.

Sources:

Leave a Reply

Your email address will not be published. Required fields are marked *