Importance of directing cybersecurity research in The Netherlands

August 31, 2020

written by dr Veelasha Moonsamy (Assistant Professor at Radboud University), on behalf of CyberSecurity Next Generation

Veelasha Moonsamy

The Dutch cybersecurity platform for higher education and research (dcypher) was founded in April 2016, with the goal of setting and coordinating scientific and applied cybersecurity research and higher education in The Netherlands. However, as of October 2020, dcypher, as we know it, will no longer exist and the future remains unknown as it is not clear what a post-dcypher era will look like. While this change brings along a lot of uncertainties, it also provides us with a chance to re-envision the future of the Dutch cybersecurity landscape. Such is the aim of this column, with a particular focus on the impact of young/junior cybersecurity researchers in The Netherlands.

For the past few years, dcypher has been working closely with a network of young cybersecurity scientists from various universities across The Netherlands. CyberSecurity Next Generation (CSng) is an interest group of young scientists, combining academic career development and growth ambitions with outreach to the broader community, and contributing to better the cybersecurity research policy development from a young scientists’ perspective. CSng believes that by joining forces with the main stakeholders it can contribute to the strengthening of the Dutch multidisciplinary cybersecurity research community of the future, which now more than ever, requires an increasing knowledge and expertise in this constantly-evolving field.

To that end, CSng organizes regular events, namely an annual workshop for young researchers (including PhDs, Master and Bachelor students), best Master thesis award, distinguished lecture series, and contributes to the national cybersecurity policy and strategy discussion. To achieve this, CSng collaborates with and receives support from several other institutions and organizations, such as 4TU.NIRICT and NWO. In particular, dcypher has had a significant impact on raising CSng's visibility and ensuring that the voice of young cybersecurity researchers gets heard, and has received its support in several forms, namely:

  1. dcypher actively supported the involvement of CSng in the national policy and strategy discussions (e.g., NCSRA III)
  2. dcypher significantly boosted the public attention on CSng, its activities, and events via their networks and dissemination channels (e.g., special session at dcypher symposium, and advertising CSng events through the dcypher mailing list and newsletter)
  3. dcypher facilitated the planning and organization of CSng events (e.g., hosting of the annual CSng workshop and best Master thesis award in The Netherlands)

While the collaboration between dcypher and CSng has undoubtedly helped to boost the visibility and provide a platform for young cybersecurity researchers, there have been other initiatives whose aim was to help strengthen the cybersecurity research landscape in The Netherlands. For example, an "emergency letter" penned by prof. dr. Herbert Bos (Vrije Universiteit Amsterdam), prof. dr. Michel van Eeten (TU Delft) and prof. dr. Bart Jacobs (Radboud University), in consultation with dcypher, was addressed to the Dutch government as a means to raise awareness of the lack of research funding made available for cybersecurity researchers in The Netherlands. The document was intended as a sign of warning for the local government and a clear plan was proposed on what the next steps should be in order to attempt to remedy the situation.

The letter was written in late 2017, and unfortunately, very little has changed since then. Instead, The Netherlands now finds itself in a weak bargaining position when it comes to attracting and retaining talented scientists in the field of cybersecurity as our neighboring countries, such as Germany, Belgium, France and Luxembourg, have all experienced an enormous influx in regional and state-level funding from their respective governments to strengthen their cybersecurity research portfolio for the next 10 years. For example, located in Saarbrücken (Germany), the newly-established CISPA Helmholtz Center for Information Security received a permanent base funding of more than 50 million Euros from the German government and plan to employ more than 800 scientists from all over the world [1]. Another example is the new Max Planck Institute for Security and Privacy, which was founded in May 2019 and will be located in Bochum (Germany) with an annual operating budget of around 20 million Euros, with plans to hire around 250 cybersecurity and privacy researchers [2]. That same year, the Flemish government announced that they will invest 20 million Euros per year for the next ten years in strengthening cybersecurity [3]. We have yet to see a similar strategic move from the Dutch government, and now with the dissolvement of dcypher, the future of cybersecurity research in The Netherlands remains gloomy.  

The recent introduction of "sector-plan" funding from NWO has provided some relief by allowing Dutch universities to hire young cybersecurity researchers, and provide them with some initial funding to start off their academic career. However, in the long-run, this model no longer becomes sustainable as researchers have to compete for the few NWO grants available for cybersecurity researchers in order to remain internationally competitive in their respective disciplines and potentially having to fulfill tenure-track requirements. This is further exacerbated by the ad-hoc funding calls available to cybersecurity researchers in The Netherlands, whereby any long-term research planning is made difficult. In contrast, our colleagues just across the border are gifted with annual research budgets which allow them the luxury of being able to focus on their research.

This raises the question of what The Netherlands should do in order to "stay in the game". While there is currently on-going discussion of what the next dcypher should look like, special attention should be paid when it comes to attracting young talents in the field of cybersecurity and ensuring that a similar level playing field is offered to them as in the other countries just across the Dutch border.