Belgium approves new cyber strategy with emphasis on essential institutions
Roughly two weeks after Belgium’s parliament, universities, and scientific institutions were hit by a cyberattack, the country’s National Security Council approved a new cybersecurity strategy that aims to shore up its digital defenses.
In a 45-page report written in Dutch that was published on Thursday, the Centre for Cyber Security Belgium, which acts as the country’s central authority on cybersecurity, spelled out six strategic areas that it will focus on over the next five years.
These are: investing in secure network infrastructure; raising awareness of cybersecurity threats; protecting vital institutions; deterring cyberattacks; improving public, private, and academic partnerships; and articulating a clear international commitment to the issue.
As the seat of several key international institutions, including the North Atlantic Treaty Organization, the Council of the European Union, and the European Commission, Belgium is particularly vulnerable to nation state hacks, cyber terrorism, and hacktivism, in addition to cybercrime, the report said. Part of the country’s new cybersecurity strategy is to strengthen the security and support that it provides to these and other essential institutions, in order to prevent incidents that could have a national or global impact.
Although the timing of the new cybersecurity strategy appears to be unrelated to the attack the country experienced earlier this month, that incident highlighted how vulnerable some of the country’s most important institutions are to cyber threats. Most of the Belgium government’s IT network was down on May 5 after Belnet, a government-funded internet service provider, was targeted by a massive distributed denial of service attack. The incident is believed to have impacted about 200 government organizations, shutting down vaccine reservation portals and virtually-held parliament meetings.
Belnet said in a statement that it was unclear who was responsible for the attack.
Belgium launched its first cybersecurity strategy in 2012, mainly to improve defenses and conduct better incident response. The “Cyber Strategy 2.0,” as the new initiative is called, was motivated by “continuous change in the cybersecurity landscape,” both in terms of threats and defense posture—new agencies with cybersecurity responsibilities have sprung up in Belgium and the European Union in recent years.
For example, a significant section of the report is dedicated to listing and mapping out the more than one-dozen stakeholders that will have some responsibility in the new strategy. These include federal police, military, and prosecutors.
“Cybersecurity is not only a priority for Belgium, but also represents a huge opportunity for our companies and small and medium enterprises, which have a lot of expertise in this field,” Belgium’s prime minister Alexander De Croo said in a statement. “We will continue to invest in the protection of our citizens and our systems against cyber criminals and at the same time we will do everything in our power to develop an ecosystem that promotes innovation in cybersecurity in Belgium.”