Video interview about the CSR Advisory document ‘Digital Autonomy and Cybersecurity in the Netherlands'

Video interview with CSR councilors Lokke Moerel and Gerrit van der Burg about the CSR Advice 'Dutch Digital Autonomy and Cybersecurity'.

I'm Lokke Moerel, professor of Global ICT
law in Tilburg.
I'm an attorney with international law firm
Morrison & Foerster,
and I'm a Cyber Security Council
member representing the sciences.
I'm Gerrit van der Burg,
Chair of the Board of Public Prosecutors.
I'm a member of the Cyber Security Council
representing the public sector.
The Netherlands is one of the world’s most
digital countries.
That was very clear during the Covid-19 pandemic,
we all switched to working from home in no time.
And I think everyone can agree that it’s
created new dependencies and vulnerabilities.
And the CSC's advice is focused on the fact that
our digital dependencies have grown so much…
that our national digital
sovereignty is in jeopardy.
But for us, the real question is how,
in the digital world, can the Netherlands…
maintain control of essential ecosystems
and democratic processes.
Of course digital infrastructure is key,
for our economy, for us as citizens,
and even for the democratic
legal system.
That's why our digital infrastructure has
to be protected, we have to maintain control of it.
And have autonomy around the
safety of our digital infrastructure.
A few examples. If we don't keep innovating
our critical technologies,
it will continue to endanger
our sovereignty.
Take artificial intelligence. AI facilitates
cyber attacks.
Criminals can use AI to automatically identify
and exploit online vulnerabilities.
But AI also allows us to automatically trace
and repair vulnerabilities.
An example within our democratic process
is the election process.
If the state doesn't have control of it because
the election process has been infiltrated…
and manipulated by foreign powers,
that puts our digital sovereignty in jeopardy.
Professionally, as a public prosecutor,autonomy is crucial.
We have to act independentlyin cases.
That means that when it comes to dependencies,
dependencies on organisations and companies…
put the professionalism of\Nour occupation at risk.
We need protection.
The same issue comes up when it comes to
the control that countries can and must have…
over digital infrastructure.
So they're very comparable, and Public
Prosecutors experience that every day,
particularly when it comes
to online criminal activity.
A specific example from my work is that when
governmental institutions switch to the cloud,
they are very concerned with
transfer regulations under GDPR.
But we've seen that the issue is
much broader than access to data.
It's really about our
entire economic ecosystem.
One example is that you need a ton of
processing power for AI data analysis.
Which means you need the cloud.
So the cloud infrastructure is essential
to innovation and future earning potential.
Keeping control of that is a vital
part of our digital autonomy.
We're issuing these recommendations because...
digital sovereignty isn't
being sufficiently addressed…
on the political agenda
in the Netherlands.
We approach cyber security primarily
from the technical, reactive perspective,
and not from the perspective
of strategic autonomy.
Europe is at the forefront here. Europe feels the
pressure of what we call tech colonialism,
and regaining our digital sovereignty
has become a core ambition within Europe.
With our recommendations, the Council
hopes to make this a top priority.
The safety of our digital infrastructure has
to reach the boardroom.
It has to be the first question asked
around innovation developments.
It has to be part of legislation that can set
standards for things like party dependence.
We have to focus on cloud protection.
Essentially, we have to focus on
protecting our vital elements.
A better understanding that cyber security
isn't just about securing IT systems,
you have to see cyber security from
a broader perspective,
digital sovereignty.
And that doesn't mean we have to
do everything ourselves.
As a country, we can't, and that's
certainly not what we want.
As a country, we have to know what our
current and future critical technologies are,
what kind of infrastructure does it require,
and where are our unilateral dependencies?
And which elements are we
going to concentrate on?
The ones that complement what we're
doing well, fit into our major industries,
and above all, align with the Europeaninnovation agenda,
where we can take advantageof EU financing.
So our goal is to motivate the government to create a proactive national strategy…
for digital autonomy.
The Council has identified several priorities.
First of all, the cloud.
The cloud has to be secure.
We need to have control of it, so we need standards...
to be able to actually maintain
that control and security.
The second key point\Nis our digital communication.
Security needs to be continuously
optimised here, too.
And third, the cryptology issue. How are we
going to apply encryption in the future?
How can we continue to encrypt safely
while keeping others out.
Those are important key points.
And the Cyber Security Council
has developed a system of standards…
to develop behavioural standards that
give directors and leaders the opportunity…
to check whether innovations in development
meet and can continue to meet safety standards.