On Tuesday June 5, the third edition of the National Cyber Security Research Agenda (NCSRA-III) was presented in press center Nieuwspoort in The Hague. Earlier that day, Mark Bressers had already received the first copy on behalf of secretary of state Mona Keijzer from the Ministry of Economic Affairs and Climate.
The NCSRA has been written as a guideline for public-private partnerships within the national research into cybersecurity. The research is divided over five pillars: design, defence, attacks, governance, and privacy. Each pillar requires contributions from computer science, technology, social sciences and the humanities. The NCSRA-III is an initiative of dcypher, the Dutch platform for higher education and research in the field of cybersecurity.
While in other countries the research on digital security has been divided in separate fields with little interaction, the Netherlands has deliberately opted in the NCSRA-III to make connections between the separate disciplines of cybersecurity research, says Michel van Eeten, professor of Governance of Cyber Security, in his introduction on the new research agenda. This integration is also the big difference with the previous agenda, which appeared in 2013. Van Eeten shows in a graph how investments in cybersecurity research have declined in recent years. “We hope that this agenda contributes to reverse that trend”, he concludes.
Jan Piet Barthel, director of dcypher, next handed over a copy of the agenda to Patricia Zorko, cybersecurity director at the Ministry of Justice and Security, to Stan Gielen, chairman of the NWO Executive Board and also to Henk-Jan Vink, director of TNO-ICT.
“I am proud of the progress that has been made with this new research agenda,” Zorko responds. “We need this to provide the Netherlands with a solid knowledge position in cybersecurity research. We want to reverse the downward trend in research funding by taking a first step forward already in 2018. Five ministries − Defense, Economic Affairs & Climate Policy, Justice & Security, Interior & Kingdom Relations and Foreign Affairs − have already agreed to invest one and a half million euros in cybersecurity research. But we are not satisfied yet. More needs to be done.”
Speaking on behalf of research funding agency NWO, Stan Gielen comments: “I am pleased that this agenda brings together various components of the cybersecurity research and also includes the behavioral component. As far as funding is concerned, I can announce a new call for cybersecurity research proposals with a total budget of five million euros, within the framework of the national Top Sector policy.”
“The multidisciplinarity of this agenda really appeals to me”, continues Henk-Jan Vink of TNO. “The NCSRA is leading in what we do at TNO. It is important to us that we close the chain that leads from fundamental research to concrete applications. That is why it is good to see that NWO, TNO and the ministries have started to cooperate more closely in recent years. I also see the NCSRA not only as an opportunity for research, but also for education. Good people are scarce and it would be good to have more of them.”
The launch of the new research agenda was concluded with a panel discussion involving, in addition to Patricia Zorko and Stan Gielen, D’66 member of parliament Kees Verhoeven, CEO of Riscure Marc Witteman and professor of systems security Herbert Bos.
Kees Verhoeven is co-submitter of a parliamentary motion that demands a more ambitious approach to cybersecurity research. Although the motion has been adopted by the House of Representatives, no response has yet been received from the government. “If the answer takes a long time, you have usually asked a good question”, says Verhoeven. “But there must be a reaction soon, because we really have to start accelerating forward.”
Marc Witteman, on behalf of the business partners, emphasizes that the task of business is not so much to put money directly into academic research, but to develop new products and services in collaboration with universities. “Moreover, companies can be an important sounding board for the universities. We have a good view of what the pressing questions are.”
Professor Herbert Bos examines the number of PhD students required: “Every year about 2500 new jobs are created for cybersecurity professionals. If you assume that about one per cent of this must have been trained at the highest level, so with a PhD-degree, we would have to deliver 25 PhD students per year. But the actual numbers are that we have delivered 25 PhD students in five years, between 2013 and 2018. That is actually five times too little. However, the good thing is that the level of scientific research has increased and that we are better organized as a research community.”
Stan Gielen concludes the panel discussion with the comment that the NCSRA-III will form the basis for the cybersecurity research program of the coming years. “We can go forward for another four or five years.”
Special thanks to sessionchair Peter Zinn
Text: Bennie Mols
Photo's: Sjoerd van der Hucht