The processes and services that together make up the critical infrastructure form the foundation on which Dutch society operates. Examples include electricity, internet access, drinking water, and payment systems. The failure, disruption, or manipulation of these processes and services can have major consequences for the functioning of both the Dutch and European economies and societies. In extreme cases, such disruptions can even pose a threat to national security. That is why governments, organisations, and intelligence and security services work continuously together to protect our critical infrastructure.
(An animation.)
VOICE-OVER: The critical infrastructure is essential for the functioning of our society. We depend on it more and more. Because an insignificant incident can have significant repercussions and disrupt the country. What can we do to prevent this? Or at least minimise the impact. Let us start with the cause. A group of extremists hack into the electricity network control system. They deactivate several switching stations, which knocks out the power supply. Triggering a power outage that spreads to large parts of the country, with disastrous consequences. Payment traffic almost breaks down completely, so that companies can't operate and lose a great deal of business. Most of the mobile network is down. In higher buildings the water supply is disrupted. Transportation is disrupted, leaving many travellers stranded. Hospitals can temporarily fall back on emergency generators. But other health facilities don't have them. Chemical plants gradually shut down to prevent environmental disasters. Within six hours, power returns to the first critical processes, but it takes two days for the entire country to be back up and running. The economy has suffered enormous consequences. People have died, and hundreds are seriously injured. This situation is all too real. And such a disruption could also be caused by flooding or extreme weather. Many critical processes and other areas of society depend on electricity. But also the failure of our satellite communications, aviation, shipping, gas or water supply could have far-reaching consequences. More than ever processes, companies and organisations are tied to each other and our society. That's why we are constantly monitoring what our society needs to function properly, so we know what is critical, what can happen and what we can do in the case of a disruption. Together, we work on a more resilient system. Will you join us?
(The Dutch coat of arms next to the text: National Coordinator for Security and Counterterrorism. Ministry of Security and Justice. The screen turns orange and white. On-screen text: A production by the Government of the Netherlands.)
Protecting critical processes
It is crucial to protect critical infrastructure against all types of threats. This task is becoming increasingly complex due to a changing and diverse threat landscape. Examples include terrorist attacks or cyberattacks, but also natural disasters, espionage, or foreign takeovers of Dutch critical providers.
In addition, the potential impact of threats is growing because critical processes are becoming more interconnected. A disruption in one critical process can quickly have major effects on other critical processes, on an entire sector, or even on national security. For instance, in the event of flooding, the failure of the power supply could impact parts of the internet, hospitals, and households.
The interconnectedness of critical infrastructure offers great advantages, such as opportunities for cooperation and information sharing. However, the interdependence of critical processes can also carry risks. That is why it is important to keep strengthening the resilience of the critical infrastructure as a whole. In doing so, we can turn our interconnectedness into a strength.
The assessment of whether a process or service is considered critical is made by the responsible ministry (policy department). This involves analysing whether a disruption, outage, or manipulation of a process or service could have consequences so severe that they may harm national security. Examples include causing significant economic damage, creating long-term environmental impacts, or severely affecting other vital processes.
Within these processes, one or more organisations – such as (private) companies, independent administrative bodies, and parts of the central government – play an important role in ensuring the continuity and resilience of the process. These organisations are referred to as critical providers. Vital providers are informed of this status by the policy department.
The current critical processes are:
|
Sector |
Critical Processes |
Responsible Ministry |
|
Energy |
Transport, distribution, production, regasification of gas onshore and offshore |
Ministry of Economic Affairs and Climate Policy |
|
Storage, transport, refining, and processing of crude oil and petroleum products |
||
|
Transport, distribution, and production of electricity onshore and offshore |
||
|
Telecommunications |
Internet and data services |
Ministry of Economic Affairs and Climate Policy |
| Internet access and data traffic | ||
| Voice service and SMS | ||
| Positioning and timing |
Ministry of Infrastructure and Water Management |
|
|
Transport |
Flight and aircraft handling |
Ministry of Infrastructure and Water Management |
| Shipping traffic handling | ||
|
Passenger and freight transport via (main) railway infrastructure |
||
|
Transport via the (main) road network |
||
|
Drinking water |
Drinking water supply |
|
|
Water |
Water quantity control and management |
|
|
Chemicals |
Large-scale production, processing, and/or storage of (petro)chemicals substances |
|
|
Nuclear |
Storage, production, and processing of nuclear material |
|
|
Finance |
Point-of-sale payment transactions |
Ministry of Finance |
|
Mass electronic payment transactions |
||
|
High-value interbank payment transactions |
||
|
Securities transactions |
||
|
Government |
Basic registrations of persons and organisations |
Ministry of the Interior and Kingdom Relations |
|
Interconnectivity (transactions infrastructure for information from basic registrations) |
||
|
Electronic messaging and information provision to citizens |
||
|
Public Order and Safety |
Communication with and between emergency services via 112 and C2000 |
Ministry of Justice and Security |
|
Inzet politie |
||
|
Defence |
Defence deployment |
Ministry of Defence |
European Critical Entities Resilience & Network and Information Security Directive
Governments, organisations (both public and private), and intelligence and security services work continuously to protect our vital infrastructure and strengthen resilience. The Aanpak Vitaal (“Vital Approach”) focuses on enhancing the resilience of critical infrastructure by maintaining continuous insight into potential threats, taking appropriate and proportionate measures, and fostering close cooperation among all relevant parties.
This approach will be formally established in law through the implementation of the European Critical Entities Resilience (CER) Directive into national legislation: the Critical Entities Resilience Act (Wet weerbaarheid kritieke entiteiten, Wwke). Organisations that will fall under the scope of the Wwke will first be formally designated as critical entities by the responsible ministry and informed accordingly.
In parallel, for digital resilience, the implementation of the Network and Information Security Directive (NIS2 Directive) is underway, which will be transposed into national law as the Cybersecurity Act (Cyberbeveiligingswet, Cbw). The Dutch government calls on organisations to prepare for the entry into force of these laws and their underlying regulations.