One peculiarity of Dutch cyber policy is that the Netherlands Armed Forces are not responsible for protection of private (commercial) networks, nor even for other public networks. Instead, the Armed Forces appear to be responsible for their own military networks. There also is no role in fighting cyber crime.
Figure 1 – The Netherlands Armed Forces have a Defence Cyber Command responsible for deployment of both defense and offensive cyber weapons.
In general, the information technology infrastructure of the Netherlands is the responsibility of its owners.
Nevertheless, the Netherlands Armed Forces have three priorities in cyber:
- Increasing defensive capabilities;
- Making better use of cyber for intelligence, and collecting intelligence information on cyber threats;
- Developing offensive capabilities.
If “offensive capabilities” were going to be used, it appears it would be only in response to attacks against the Netherlands military itself. Again this is a peculiar notion because if there were a cyber attack against civilian facilities, then this would presumably merit no counter-response from the Netherlands military.
Cyber Warfare Scenarios
In the Dutch view, a purely cyber war is not likely. Instead, cyber will be used in conjunction with a “kinetic” war. Cyber is thought of as a “force multiplier” for kinetic force. Much effort appears to be focused on coordination within the broader landscape of NATO.
Paul Ducheine, Frans Osinga, Joseph Soeters (Eds.), Cyber Warfare: Critical Perspectives, Ministerie van Defensie, NL Arms, Netherlands Annual Review of Military Studies 2012,