Bio:
Mr. Simon van Merkom works with the Ministry of Economic Affairs in The Netherlands. He is senior policy advisor in the section ICT Security since 2001 and coordinating the national policy regarding resilience of public telecommunications. He is involved in several projects covering national and international activities on critical infrastructure protection, crisis management structures and national security.
He received a MSc degree in electrical engineering at the Delft University of Technology in 1983. Then he joined the Ministry of Transport and worked on experiments and innovative projects related to the usage of IT in public transport systems. Followed by a few years of implementing ICT and office automation systems in several departments of the Ministry he moved to the telecommunications department of the Ministry to work on standardization and international relations. Keywords were telecommunications equipment, EU common market and enforcement. After implementing the EC R&TTE Directive in The Netherlands he joined the ICT Security section of the Ministry of Economic Affairs.
E-citizen services, databases and privacy impact assessments; To gather or not to gather, is that resilience?
Abstract:
Over the years electronic communications services and infrastructures and IT, to which we nowadays refer as ICT, have become critical to the functioning of society. If disrupted, impact can be huge. Prevention of disturbances is a major issue in the ICT sector as well as in the dependent sectors. In The Netherlands this issue was recognized towards the end of the 90's. Several projects were carried out to cover different aspects of the issue. Awareness raising at end-user level was taken up and implemented through e.g. media campaigns and certificates in primary school and via SME discussion fora. Resilience of services and infrastructures was covered in a PPP approach: government and providers started to cooperate on resilience issues like continuity planning and crisis management. Interesting detail of this approach is that it is situated on the borderline between public and private interest. With the upcoming Internet cyber security also became of importance. A few years ago an information exchange on cybercrime was installed. This was also a PPP based operation, which has grown towards a group of linked exchanges for several sectors.
Alongside these projects the Strategy on National Security was developed, which now covers in a structured way many sectoral and cross sector activities like analysis on risks, impact and dependencies, scenario development, capacity planning, crisis management, etc. The new challenge we are facing is, since ICT services are not bound to national borders, to connect the national approach to international activities. All these projects started at a low profile, but after some time all became a big success. Major factor for our success is the way PPP was implemented, with regulation regarded as only necessary as a last resort. Will this also be possible in an international environment?