This year, the government published the Dutch Cybersecurity strategy 2022-2028. According to the Dutch Government Cyber Security Centrum, this strategy was drafted “with the help of public, private, and social organisations”. However, according to Bernold Nieuwesteeg, director of the Centre for the Law and Economics of Cybersecurity of Erasmus School of Law, and Parliament Member Marieke Koekkoek, this lacks a critical group: civilians. According to them, that is a shame because civilians also increasingly face cyber risks and cybercrime. Nieuwesteeg and Koekkoek argue this in an opinion piece in het Financieele Dagblad (FD).
Cybersecurity is not just an increasingly important topic in business but also for civilians. “Civilians are often victims of new cyberattacks, like ransomware and WhatsApp fraud. One can think of scammers that extort money through WhatsApp, or peepers that hack webcams of clueless users that are getting dressed and then sell the images”, explain Nieuwesteeg and Koekkoek.
The new Cybersecurity Strategy is supposed to improve overall cybersecurity in the Netherlands. Still, Koekkoek and Nieuwesteeg doubt the effectiveness of a strategy that does not include the voices of civilians or civilian interest groups: “how good can the answer be when civilians are not involved?”
“Is the money for cybersecurity well-spend? Is it preferable that foreign companies secure our national secrets? Only civilians can critically question this intimate collaboration between companies and the government. However, citizens are not currently involved”, state Nieuwesteeg and Koekkoek. According to the two, creating a civilian interest group – like those that already exist for privacy and other subjects – could be a solution.
Articulate and informed
According to Nieuwesteeg and Koekkoek, policymakers are not too eager to listen to civilians about this theme: “policymakers will claim that the theme cybersecurity is way too complex to involve the average joe. That assumption is wrong because civilians are increasingly articulate and better informed. More technologically conscious civilians are a great asset for digital surveillance thanks to their views and independent perspectives. (…) Civilians can also have a say in the price they want to pay for digital security. In terms of tax money, but also in terms of restriction of freedom.”
Civilians can also shed light on other relevant aspects that might not be as apparent for companies, conclude Koekkoek and Nieuwesteeg: “also less technologically conscious civilians can contribute. By sharing what problems they face. For example, about a hack's psychological and emotional consequences and how to handle that. The government should ditch the presumption that civilians can not and will not contribute ideas about complex topics.”