Coordination and cooperation in online threats

In his recent blog post Jan Jaap Oerlemans of Leiden University’s Law school reacted in-depth on the recent cyber security analyses of the Dutch National Cyber Security Centre and the accompanying letter of minister I. Opstelten of Security and Justice. Having read his blog post, I want to make two main points in reaction, addressed to all governments, not just the Dutch. (My apologies, as all links are to texts in Dutch.)

The more regulators the merrier?

As more sectors are obliged by law to notify on security breaches in the near future, more regulators seem to come in play. From my point of view this seems just a call for havoc and disorder if the true crisis, so many discuss and prepare for, should ever come around.

Why not give this topic to one regulator? One that has experience with the topic and already has people that are trained to do the job? This allows for:

  • less cost, more efficiency;
  • a better overview;
  • one centre of knowledge and true expertise;
  • one priority setting;
  • one regulator to coordinate with.

There most likely are more points to consider, but you get my drift. How many entities do you want to coordinate with and get to do what you want it to do in a time of crisis? In my opinion as little as possible. So why not look at which entity is the best equipped (or can be best equipped) to take on the task of regulating cyber security breaches and related topics?


My second comment sees on coordination and the (lack of) powers to coordinate. If you need to coordinate, the entity having that task needs the powers to do so. A common complaint around the EU is, that no one involved in the cyber realm has experience with coordination, i.e. telling other (enforcement) entities what to do, when, in a time of crisis, because of the simple reason that no one has the powers to do so. This is a topic that needs serious attention and deliberation from a government, no matter how, politically and practically, sensitive it is. In a time of crisis or a major online threat case it is important to truly depend on one another.


A government may want to rethink how many regulatory agencies it wants to involve in the same topic. Efficiency may be worth more than political correctness towards an x number of regulators where one would do nicely. And while at it, those involved can seriously contemplate what powers and/or tools a coordinator needs to be able to truly coordinate in a time of crisis or when involved in a major case that involves several and very different entities to investigate and enforce.

Without the proper answers to these challenges, solutions are all sub-uptimal where cyber crime, online threats and cyber security are concerned. While the challenged are huge already.

Wout de Natris, De Natris Consult

Leiderdorp, 17 July 2012


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber awareness, Cyber crime, Cyber espionage, Cyber security, Cyber warfare, Malware enforcement, Spam enforcement and tagged , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s