What’s up in the Netherlands? – Opening 2019

From EuroDIG Wiki
Jump to navigation Jump to search

19 June 2019 | 9:15-10:15 | KING WILLEM-ALEXANDER AUDITORIUM | Video recording | Transcription
Consolidated programme 2019 overview

What’s up in the Netherlands? – Showcase of Dutch Best Practices in the Digital Domain

Transcript

Provided by: Caption First, Inc., P.O. Box 3066, Monument, CO 80132, Phone: +001-800-825-5234, www.captionfirst.com


This text, document, or file is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text, document, or file is not to be distributed or used in any way that may violate copyright law.


>> MARJOLIJN BONTHUIS: As Netherlands, we have a small time slot at the beginning of those two days to present ourselves, to present our polderen, to present our best practices and I would really like to start with a small film, a small movie, with a few of our stakeholders in it, just to get you to warm up, to warm up and be awake for the next slots.

(Captioned video)

(Applause)

>> Welcome in The Netherlands. I'm very happy to hand over the microphone to my boss, my director, Arie van Bellen who has multi-stakeholder cooperation into his veins. From the very beginning of digital society, he works together with everybody, creating every day. And so I'm very, very happy that you are here and moderating the next session.

>> ARIE VAN BELLEN: Thank you, very much, Marjolijn.

Let me get up here and get this. Well, good morning, everybody. More and more people getting through the rain. I will try to make you a little bit warm, giving you a short insight in this polderen, how do we do that? How does it work? And not to have an example that you all have to follow, but because it is a little bit peculiar. It is Dutch, but it works. And maybe elements in method of public/private partnership can be useful for you in your work.

What we are doing now in a little block is two good examples in practice how we work together, business, government and civil society. But first of all, let me explain a little bit shortly this picture, and also my organization.

ECP is established already 20 years ago and it is really also only in function to be an oilman between the different stakeholders to get The Netherlands further in a successful and trusted digital society and economy. And the first learning point for us was that we needed six stakeholders to be together. And we achieved to bring them together. That is, business community on the tech side, but also business community at the user side; government, but in two capacities. A huge user of technology, and the government to safeguard the guidelines, the rules, the values.

Then you need intermediary organizations like the consumer organization, the employer organization. This development is not only a revolution. It's an evolution. So existing, powerful stakeholders have to be taken along, and we put them into our processes. And, of course, science. Science is a very important partner in developing Digital Netherlands and our digital world.

Last but not least and in the film, you saw Auke, the chair of you are youth society. It's not PPS, public/private partnership. It's PPPS, public, private, and public partnership. How can you make such processes successful? First of all, you have to make a set of rules about the processes. The openness, but also the trust that you put there in those processes.

We work closely with government and there's real leadership, you will hear later, in our cabinet, in our government, on the Digital Agenda, but our processes are not in the government but together with the government. To be open in how we make solutions for partnerships, like we did on child pornography, on detecting botnets and all other topics. We have a peculiar process management.

Of course the Dutch way, when we have a meeting and we want to make a building, an agreement on a topic on the age it, always starts with sandwiches, the Dutch way. That's only a little bread with cheese and milk. We had some Belgian. And you get kruidnoten or cookies in the afternoon. And you have a good meeting, maybe water, a little beer with bitterbals. And then you hope you have achieved something that sticks. And our strategy in that, is that sometimes we look at particular technologies. How can The Netherlands be still evolved in the big artificial intelligence development? Do we have a position as The Netherlands? What part of that development are we good in or not. So the technology is the focus points but only together with domains, in which part of our lives do the disrupting technologies really make changes like healthcare. Like climate. Like retail. Finance.

So sometimes we have activities that look into a domain but always with the disruptive technology input.

And the third and last, what guidelines and rules do we have and which ones are not capable to cope with this development? That's not only the legal framework. It's also the security framework, the ethical framework, the political framework. And with this vision, we are working -- working very hard. I have 130 members. And we have huge programs and we are paid by all the stakeholders together. So we are not depending on one of them. We are not part of government. We are not part of business. We are not consultancy. We are not a branch organization. It's a meeting of the minds, and it works.

We have a lot of alliances in place. I won't get into those. I want now to introduce two examples of partners of ours, influential people, influential projects, that really work along with this public/private partnership. I go to the first one, and two people will now come forward. A lady and a gentleman. First of all, you are nearest to the stairs. This is the chairman of our forum of standardization and Gerben Klein Baltink and he's the chairman of the Internet standards platform in The Netherlands. Give them a warm hand.

(Applause)

I will hand over to you, and their topping and their program is Internet.nl. Go ahead.

>> GERBEN KLEIN BALTINK: Thank you. Well, Larissa and I will talk about something really boring. So I hope you are still awake at the end of our presentation. We will talk about standards. That's the tiny lines of code between you and the basics of Internet.

And what we found almost five years ago was that we saw a lack in the adoption of those standards. It was not going fast enough. So what we tried to do is promote those modern, secure, Internet standards. And it does relate to governance, to control of the Internet, to the usability, and how do we do that? That's what I will explain and later on, Larissa will focus on the way the government deals with standards in The Netherlands.

Behind me, you see the partners in what we call the Internet standards platform. It is in PPS, or PPPS construction where we try to bring together Dutch government and the most important players in the field of the Internet infrastructure, the basic things. But we try to keep the end user, either government, an organization, a business or an individual person in mind. Because what we think, what we believe, is that in the end, everybody should have access. And therefore, we have this typical Dutch tile. We call it tile wisdom. You find them in many houses Netherlands with very intriguing text, but this is our motto. The open, free, and secure Internet. That is really the reason why we work together in the Internet standards platform.

We do that, as I showed we have a lot of parties that focus currently on these modern standards. I'm not going to explain them all to you, but I hope that many of you, at least, have heard about these standards. We try to select those standards that are already there. So you can implement them, that have effective use to keep the Internet open, free and secure. So it's all about connectivity, protecting your data, your privacy, making sure that you go to the right website, that there's not a man in the middle, but that you actually go to the website you want to visit, and that when you send an email, that you can really trust the emails you receive and the emails you send out.

Those standards may seem a little bit complicated and sometimes they are. We have to be very honest about it. So I'm not going to say that it's a piece of cake to introduce these modern standards in your own organization. But from the beginning, we have tried to help you. We want to share knowledge. We want to enable you to have a platform where you can talk to. So people are invited to join us and discuss with us the reasoning behind these standards but you can also easily see yourself when you look at Internet.nl, a website devised almost four years ago.

At that website you can see if your own organization, web-based email sending and the local connection you use is up to speed with those modern Internet standards. And I will show you some results, because the Internet test is something, but we did it for you. At least for around 200 of you that were sharing their data with us, and said, it's okay to test it, anonymously, of course initially. And here you see the aggregate results.

The results of around 200 participants in this conference. If we look at the standards, you see that IPv6 adoption, it's a little bit low. I'm a bit disappointed. The same goes -- and that might be even worse from a security point of view DNSSEC, the security extension to what we do in the Domain Name System.

HTTPS, that sounds promising, 92%. That's great! But then if you look at the policy, how do you configure your settings, then it's not that good. But luckily enough, there are some organizations present today that do it better than average, much better than average and we even have what we call a winner.

So I will come back to that in a few seconds, but be prepared that I will ask one of you to come forward.

If we look at the modern email security standards, the other ones were the web standards, then you see the following results. Many of you already implement DKIM and SPF and even with a strong policy on SPF which is good. For DMARC, the 36% is promising as well, but a DMARC policy is falling behind with only 13%.

STARTTLS is there, that's 97%. The configuration is starting to pick up with 56 but DNSSEC over your mail server and DANE are low. So what I would like to invite all of you to do is check your own organization versus these standards. It's a simple test. It will take you a few seconds. And you have a lot of explanation behind it. If we have time, we will even do a live test in a few minutes.

But the winner, the winner is the Swedish Post and Telecom Authority, PTS.se.

And this is somebody present.

(Applause)

>> ARIE VAN BELLEN: Are they in the room?

>> GERBEN KLEIN BALTINK: We have a small present for you. If somebody from pts.se is in the room.

>> ARIE VAN BELLEN: Or too shy? We will keep the present.

>> GERBEN KLEIN BALTINK: Their web security score was 97% and their email security score was 100%. That's a big applause for the Swedish Post and telecom. And now I hand over to Larissa.

>> LARISSA ZEGVELD: Thank you, Gerben. The results show that we have work to do allow me to introduce myself. I'm Larissa Zegveld. I stand here on behalf of the Dutch standardization forum. I also lead the Dutch corporation, we go for it. We go for it provides IT services in the social domain, to the people of the four large Dutch municipalities.

And what we see is that public services nowadays are often profiled digitally. People use the Internet to search for and manage services they need, like Social Security payments, and therefore, it's very important the government provide secured traffic on the Internet, while also ensuring high levels of accessibility. So enable people with different skill sets from different backgrounds to make use of the services they are entitled to. And this is where the Dutch standardization Forum comes in. In supporting the government in the use of open standards for electronic information exchange with citizens.

The second goal of the Standardization Forum is present vendor locking and reduce governments in the public spending on ICT. For those who are not familiar with the term "vendor locking." Vendor locking makes a customer dependent on a vendor for products and services. Enabled to use another vendor without substantial switching costs.

To provide public services to civilians, organizations are required to work together, because their individual services are part of a larger chain. Therefore, it's very important that everybody in the chain keeps up the same standards. The Standardization Forum advises the Dutch government on such matters. The open standards that Gerben showed us all apply to the public institution and enable good flow of information between these institutions. At the same time, the IT services are kept secure. We keep a list of all these standards and monitor how public organizations comply.

Our policy is to promote working with open standards, to make it a norm. This is because we know the open standards contribute to a better information exchange between the institutions and decrease the chance of vendor locking. Together we select the standards we need to comply with. If an organization does not comply, it needs to explain why it doesn't. The forum of standardization monitors their compliance. In short, we call this policy comply or explain.

So how does that work in practice? First, an organization might call for tender. In the tender request, it includes our list of open standards. If the chosen vendor doesn't deliver these open standards, the organization will have to explain why it still does choose to work with that vendor.

So our list of standards acts as a tool for public institutions to do better tenders with IT companies. The institution can trust that if they are compliant with the open standards, they deliver safe services and it's insured. By working with open standards, we also decrease the chance of vendor locking and this is very important because vendor locking makes that public organizations can switch very easily to a new supplier. The transition would hurt their services for too much for too long. It helps us to avoid this problem while ensuring safe services.

So apply the standards or explain why you don't. People sometimes ask me, why don't we advocate for law that allows to find noncompliant organizations? Well, I don't believe in adding search a bureaucratic layer. The fact is, I have never met a single colleague in my entire career who desired to provide unsafe services. Nobody wants to provide unsafe services. And in the rare instance this will be the case, such a person would simply need to be fired and replaced. That's a joke.

It's much more, in my opinion, about helping everyone to comply with standards in a good way or fashion. There's no general way for every organization applying for open standards. While the forum of standardization distributes and manages the list of open standards next to monitoring for compliance, we also promote sharing knowledge and experience between organizations.

For example, when test results shows one organization scores much higher on their compliance than another organization, we advise them to have a look at a well-performing institution to see how they have managed to achieve such a high score and substantially try to apply the lessons learned.

So sum up. By using the policy, comply or explain, managing an up-to-date list of open standards, pushing for interorganizational exchange of knowledge, while also monitoring and measuring digital services for people becomes safe and better accessible.

Important to note is that we make use of Internet.nl that Gerben just presented. The tool is for free, and it's very easy to use and I would like to invite you all to use it for benefit of your organization security, and the customers you provide services for.

And now, our vote -- results, I mean. These are the results of The Netherlands, of the Dutch public organizations in The Netherlands. You are looking at how compliant the 500 biggest public organizations in The Netherlands are. They are complying quite well, but we know the smaller organizations, which are not included in this particular data set are not that compliant. They would be helped by having agreements on a national or perhaps even an international level, and one of the future plans of the standardization forum is to play a constructive role here as well.

Already, we are discussing making arrangements with the larger private vendors to get them to always comply with the list of open standards. In this way, both the large and the smaller organizations don't have to make their own arrangements with the vendors. Using the right standards will become the norm for these vendors.

Regarding these results, all in all, latest level of compliance is encouraging, and certainly not bad. But at the same time, we are aware our job is never done. New security threats emerge on a regular basis. We simply can never achieve 100% safety.

On a final note, I would like to address to you directly, dear audience. In inviting to work together as public -- oops, sorry. As public/private and other organizations, make use of a tool like Gerben just presented. This discuss with fellow organizations that are outperforming you how they manage to reach their level of use of open standards. By doing this, we create better and more safe services for your customers, our customers and civilians.

I wish you the best in this endeavor, and hope you enjoy your time at EuroDIG.

Thank you.

(Applause)

>> GERBEN KLEIN BALTINK: We still have room, I guess for one or two tests.

>> LARISSA ZEGVELD: One or two.

>> GERBEN KLEIN BALTINK: And anybody would is daring to enter their website.

>> ARIE VAN BELLEN: Otherwise, we just pick one.

>> LARISSA ZEGVELD: We have a hand?

>> ARIE VAN BELLEN: This gentleman?

>> LARISSA ZEGVELD: Over there we have a gentleman. Please come forward, please.

>> ARIE VAN BELLEN: I'm now addressing this gentleman. Who is first? We can only take one. I will take this gentleman. Yes, you should. Hi, who are you?

>> AUDIENCE MEMBER: Nigel.

>> ARIE VAN BELLEN: Nice to meet you.

>> AUDIENCE MEMBER: ICANN.

>> ARIE VAN BELLEN: Oh, ICANN! They have their standards in place. I'm very anxious to know.

>> AUDIENCE MEMBER: This could be career limiting.

>> LARISSA ZEGVELD: Tough choice.

Oh, let's see. Yeah, an applause.

(Applause)

>> GERBEN KLEIN BALTINK: Good to see and congratulations. I mean, 94% is not a really bad score. There's something wrong with your HTTPS.

>> AUDIENCE MEMBER: Oh, no, something wrong with the HTTPS.

>> GERBEN KLEIN BALTINK: Ah. Your redirection settings are perhaps not quite okay. But that seems to be the only thing right here in the web thing, but I will check your email as well. Let's have a look.

Hey, 84%. It's not too bad at all.

>> AUDIENCE MEMBER: And we should have DNSSEC.

>> GERBEN KLEIN BALTINK: But I see that you have DMARC. So you have DMARC on your email, but there's not a strict policy in force. So it's a like sticker on the front door saying there is a lock but there is no lock.

Anyway, I think you are brave enough to come forward. ICANN is a really important organization in our Internet infrastructure, and the scores are more than average. So I will give you a small present for ICANN.

>> AUDIENCE MEMBER: Thank you.

(Applause)

>> GERBEN KLEIN BALTINK: Enjoy!

>> LARISSA ZEGVELD: Thank you.

>> ARIE VAN BELLEN: All right, guys thank you very much and other people can all try, it use it. I see there is a little table upstairs if you have questions you are available?

>> GERBEN KLEIN BALTINK: We will be there.

>> ARIE VAN BELLEN: You will be there the entire conference. Give them a big hand, Larissa and Gerben.

>> GERBEN KLEIN BALTINK: Thank you.

>> ARIE VAN BELLEN: We go to a second keynote on public/private partnership and now we are looking into The Netherlands as gateway to Europe. If you are look at our infrastructure, who will be the guy that's explaining that position of The Netherlands? It is Michiel Steltman of the Dutch Digital Infrastructure Association.

Go ahead.

>> MICHIEL STELTMAN: Welcome and good morning. It's an honor and a pleasure to represent the Dutch digital infrastructure sector consisting of data centers, Internet exchanges, domain registers, and a rich spectrum of companies that built the foundation of The Netherlands Internet.

And why did we create this association and why do we exist? Well, The Netherlands is very proud to be currently the number one data hub in Europe. We surpass the major other hubs, Frankfurt, Paris and London yesterday because of a consistent growth of 18 to 20% annually in megawatts in square meters but also in the growth of hyperscalers, network capacities and many other factors that create a very strong Dutch position for the Internet.

And it attracts a lot of economic activity, and this is why The Netherlands has a strong position, in many technologies that are delivered to The Netherlands and many European countries and other places in the world. But as a small country, it becomes great responsibility in keeping that stable and making sure that the freedom of the Internet and the services are preserved and managed well.

So what we see is also cloud adoption, which is very remarkable, because in many countries, the term "cloud" is still confined to, let's say the hyperscalers, the big companies, the Googles of these worlds, but in The Netherlands, cloud means literally thousands, to tens of thousands of companies who put their services online, keep the data of their businesses that they serve and consumers online and deliver those services. So cloud adoption is very high and that's a very strong indicator of how economic ecosystems work and what the issues around data, preserving data, protecting data, using data, are meaning. And because of that, we have a multitude, a richness of stakeholders debating, discussing those issues in a relatively small country.

If you look at that, we studied that phenomena, how do -- how do these ecosystems really work already in 2013, with the help of Deloitte, who published our first report and it was called "The Third Main Board." We use the term main board which is not an English word. We only use it exclusively in The Netherlands to indicate major economic hubs but we found that contrary to, let's say, beliefs that the Internet is a technical facility, to deliver data, it is also an economic engine. It creates more or less, let's say, a same-city kind of world but also a phenomenon that goes around the digital infrastructure.

We found very strong correlation, statistically, but also a very strong relation between three dominant factors, being one hand, digital infrastructure, the neutral generic facilities that are used to deliver data and technology and that use to bring technology to consumers and businesses, on one hand, and on the other hand, it stimulates economic growth, and also it impacts society, because the fact that The Netherland Society is well connected and all of our citizens have easy access to mobile, fixed Internet and different forms, indoor, WiFi, in all places and that's very rich and well-structured and facilitated phenomena.

So that means that citizens and companies can access the Internet, the digital infrastructure makes that happen. The digital use is stimulated and that stimulates, let's say, a snowball effect of a digital economy in many services.

And that created -- those reports draw some attention also in our parliament, because traditionally, you know the complaints about ten years ago, while the politicians and governments do not really understand the Internet. They look at Internet as a form of IT. We use the term convergence that media and IT were converging into something new, but we found really the idea of an economic ecosystem, so that mainport got some attention of politics and in 2015, 2014, was the motion of one of our parties nominated the mainport. They are battling over that, but never mind, we had -- we had the mainport and it's been officially recognized as an economic engine, an economic motor for future economic growth in Netherlands.

And also because of that, we decided to work together and also to work together with different governments. In 2015, the central bureau of statistics investigated this mainport phenomena and looked at the Internet from a different perspective, which was at that time technology, media and telecom, and we said, well, look at that from a different perspective, a layered, structured world of infrastructure, services, and societal use. And they found that the digital mainport in economic value already surpassed that of the airport and harbor, which are major economic hubs for Europe.

In terms of growth, in terms of number of employees, but also in terms of contribution to the economy, and that's still, of course, a very difficult topic to understand, and we understand the struggle of society and government very much how to deal with that, because virtually -- how can a virtual economy have such a strong position if you compared it to a physical economy of something you can touch, a railways, harbors. Still another report of the Dutch Institute that monitors the investment and the progress of the physical infrastructure came to the same conclusions that investments in digital infrastructure have far better return on investment in economic sense than investments now in some of the physical infrastructures which is odd if you think about it, and it's still something that all of us needs to come to grips with.

And the Center of Bureau Statistics made a model for how to measure this. It's very good that they had -- that they were brave enough to use that, compared to the traditional way, in which economic values of technology are measured. And they said, well, you have what we call the core of the Internet economy and they defined it as companies who exclusively make their money and earnings of digital activities, not just ICT, but because of the Internet, meaning digital shops, digital business models, e-commerce, and many others where companies exclusively earn their money, because the Internet exists. That's a new way of looking at that economic value.

They found the core internet economy is good for 6 to 9% of our national product, and if you look at that, it places that sector, if you look at that, there's a sector in the middle tier. It's even bigger than agriculture. It's bigger than finance and construction. It's a sector in its own right, and it has a major contribution to the Dutch economy.

Well, with those conclusions, we found that slightly also the way we look at the Internet, not just technology, and let's say externalities, the effects of what we do with that technology, such as cybercrime or threats to our society, or geopolitics, and many other factors that we're discussing in IGF and EuroDIG and discussing, but also a very important economic value, not just the freedom and the openness but the fact that there's a nation or a country, you can actually earn a decent living and create a lot of economic value for yourselves and for an economy based on this way of thinking.

And that gives some extra ground on the freedom of the openness of the Internet, not just, of course, the crucially importance of human rights, the freedom of speech, the openness to develop, and the freedom to place your content online but also the economic value for our future generations, our children will make -- you know, will have a living not because the Internet disrupts what we have always done, but because the Internet is a new factor that gives you your future wealth, which is a key factor also to take into account.

And this is why we join forces. And the traditional, those of you who have been in the Internet community, know how difficult it is to join forces in some of these communities and we found ourselves on these teams, in the mainport team and the economic cooperation and keeping and protecting the Internet. The Netherlands ICT organization, and a very close cooperation with SSDN, as the Internet.nl domain and the with some other organizations that are so elementary and crucial for this economic function and growth, such as the Dutch start-up association.

And we found basically, there's a couple of things -- I'm going to dive a little bit more in detail, we found eight key factors for the growth. What are those factors? What substitutes the digital function of the main board and what factors are crucial for the success and what factors do we need to keep healthy?

I won't explain them all to you, but I will pick out a few details to illustrate what we are talking about. And very often, people ask me, oh, eight. That's a long list. If you have to pick one or two that are the most important and which one do we really need to focus on to make it happen, and which one are less important, then my answer is, basically, to refer to Liebig's law and those of you would have a background in biology, maybe some of you have or have some association with that, Liebig's law says that the total yield is determined by the smallest growth factor. It's by saying you have a plant which needs soil and fertilizer and water and sun light. You say which is the most important? Well, let's focus on the sun light and water we do later on. You understand that the plant will not survive. Which means that all of these eight factors have to be addressed and that's a big task. It's a big job and it's also our common responsibility to deal with all of these factors. The skills that we need to talk about, keeping the permission, the openness of the Internet to innovate, to make sure that not just big parties but also the small companies can start new ideas and can start to invent something that can potentially change the world.

Strengthen our position. Make sure the hub function of the Internet stays intact, to have the mainport. But also very, very elementary, room for growth for data centers. Data centers are the buildings where everything happens. This is where all the servers are. This is where the data is stored. If you can't grow that, you can't grow the ecosystem. So if you run out of electricity, you run out of space, or you get to the other problems, then suddenly this whole mainport can stall out very rapidly. So all of these factors have to be taken into account.

I will address a few. One is that very, very often you will probably recognize, is the common concept of what the Internet is. This relates to digital skills. What is the Internet? How do we explain that? We see the Internet often by its effects, by the data that is delivered by AI that's coming up, by eCommerce that's changing the world, by technologies that disrupt the classical things. So we look very much on the servers on the societal impact. But if you look at what the Internet is, if you ask your typical neighbor, someone who is not technical, I connect to the Internet. How do I do that? I have a mobile phone or a fixed connector to connect me to the Internet.

And then there's the Internet. So magic happens somewhere, and if you ask people where, it's the Internet, and some people will explain, it's in Finland or Ireland, because I have seen there's big data centers. There's a lot of, let's say, a lack of knowledge about what the Internet really is. We started to educate very widely the general public, but also the politics and the policymakers, what we think the Internet really, is which is more layered, structured approach. Digital infrastructures sitting, there the neutral, invisible, almost, facilities, the cables, the wires, the data centers, the storage clouds, the hosting facilities, the domain functions, and the whole structures that go along with that, such as the ICANN, and the organizations that monitor that basic infrastructure that stays neutral.

And then we have digital services, the companies who make their money out of the fact that they can now deliver the technology and data using that infrastructure to their constituents, to society, to consumers and to businesses. In The Netherlands alone, there are 60,000 of those companies. Because very often if we think about digital services, we immediately jump to the big guys, to the Googles and Facebook, a lot of attention and focus is on -- on the hyperscalers and on the large brands but the effect and a good and healthy economic ecosystem comprises of many, many small companies, thousands, tens of thousands of companies that make their living out of the fact that they can use the internet to deliver.

And then we have the digital society what we call digital society. Basically refers to the society as we know it that as now to deal with the Internet because it changes their business. It changed their way of working, but also as the Internet services, a factor that helped them to stay relevant, to innovate, and become more efficient and to use AI, to use new technologies and do what they always did but then better, stronger, stay relevant and -- and deliver their failure. And one of them is government, very strong.

Then we have, of course, the threats that we talk about. We see new developments, back doors. We have threats. There was a report a week ago, of the government saying we are looking at risk of disruption in society. This is not small things. So something we need to address.

And then there's still the misconceptions, I don't know about security and I like to keep it that way. It's also something that -- that we address with our stakeholders.

I come to some of the programs that we work together. Many programs as we closely cooperate with the government, and that's something that is really good for The Netherlands. We have close lines, as we mentioned several times, different programs, Netherlands Digital and we feel as a private sector a responsibility to participate, to cooperate, to strengthen these programs and to use our knowledge to create a common goal of a safe place to do business in the mainport.

Three programs that I want to mention. One is a private initiative called the National Scrubbing Center. Just a small initiative based on companies that decided, well, we can't do it alone and so we should work together on protecting ourselves against DDOS. Because if you don't, you are a small company, it's expensive. The scrubbing center protects 42% of the total Dutch digital company, dense DDOS. It's just a bunch of people who created a backbone on the Internet exchange and put together a lot of technology and now protecting already for three years, many, many DDOS attacks daily. Nobody notices. The sites continue to grow and DDOS is becoming more an exception than the rule and we effectively ended that.

And we manage vulnerabilities and taking bonnets from hosting networks. A code of conduct, a reporting facility, a research done by TU Delft, with ECP to get that done. A very successful program that's rapidly gaining ground.

The third one is called partnering Trust, and that's an initiative to secure, to make security and very closely related to the cybersecurity act in Europe to make sure that complex value chain of different actors in the digital economy can trust each other's data without difficult contracts and complaints and something that makes compliance in the GDPR more understandable. If an entire service, including awful these components is secure.

This is some of the examples and I want to round this off by our wisdom, it's basically an African proverb. If you want to go fast, you go alone and that's how you have big companies, that's how they operate. But if you want to go further, you go together. There's no single problem that can solve the problem around security, and mitigating the risks alone. It's not just the government, and the cooperation of sticks and carrots and facilities, it will help us create and old our digital main hub as the number one board and sets examples for cooperating on externalities and things we don't want in the Internet.

So this is where I round it off, and I will hand it back over to Arie.

>> ARIE VAN BELLEN: Okay. Give him a big hand. Stay there.

(Applause)

Our next keynote speaker will be here shortly and we have some time to maybe take questions or otherwise I have questions. You have a huge amount of information. I know you are really doing this work and bringing parties together. The Netherlands, way up there. My first question would be, if you look at others -- you mentioned three, but we have a lot of projects with different stakeholders. How come it works? I would imagine there's also some characteristics of working together in The Netherlands. How do you get the results.

>> MICHIEL STELTMAN: The classic way, of public/private partnerships didn't really work in the digital age. Let's say we replicate a multi-stakeholder. We worked together with ECP and Arie and we found the only hub in The Netherlands is where they have the neutral ground. If you have large companies they hold it. If you have the government, you end up with discussions and government is tied by legal. The government has to be tied to the law and to find the neutral ground to find this common ground, you need a neutral place. That's one thing.

And the other thing is you don't just want to talk. You need to act. So all of these programs also need concrete money. They need goals and these are not just projects. Security is not something that is done when the project is done. Now we are safe. We can all go home. This is something that continues -- will continuously need to be enforced and amplified and improved by organizations --

>> ARIE VAN BELLEN: You mentioned money, but the one who pays, does he nominate? How do we do it?

>> MICHIEL STELTMAN: No, no. This is a maturity step that I see in other countries. Who will contribute to, let's say, the functions and the things that you need to keep the Internet safe and improve these cooperative initiatives. All of these parties need to contribute, companies, larger companies, government. Nobody needs to dominate those discussions. So this is a challenge, I think, and also a very interesting topic, how to finance CERTS and how to finance reporting points and how to finance hotlines and how to finance the functions that we all need to keep the Internet better and safe.

>> ARIE VAN BELLEN: Thank you. Is there somebody in the room who wants to make questions to Michiel about the Dutch infrastructure and all the arrangements surrounding it? Who will dare? Or who has a comment? I can give somebody -- yeah, please.

I will come to you.

There's a mic in the audience. Please, who are you?

>> AUDIENCE MEMBER: Hi, I'm from In Hope, a network of Internet hotlines where people can report child sexual abuse material, and I fully agree with you, because we work with governments and nonprofits and industry. My question to you will be: How do you deal with information sharing? Data exchange is something that we find quite challenging because governments collect one type of data, and end users another and industry a third, and with we come together, it's very difficult to combine all of it, whereas the combination is the success.

So that's my comment.

>> ARIE VAN BELLEN: Good question!

>> MICHIEL STELTMAN: Absolutely. We feel that sharing of information around threats, vulnerabilities is crucial to keep the Internet safe. On the one hand, we see different pools of information, from hotlines and shadow surfers and all sorts of points that have crucial bits of information. On the other hand, we see that networks to connect that and to make sure that the information is being directed to the right actor such as a hosting company who needs the information of what is going on on the network, and ISP, so find out what cybercrime activities on the network exist. And that's a crucial thing and still being developed. I see that struggle in many countries, in Germany and France, to put together networks where that information can be shared. That's one thing.

The other thing is that as we see some new legislation coming up that makes it increasingly difficult. So GDPR sometimes prevents information sharing because there are IP addresses and eprivacy will make that potentially more difficult. So I share that concern. I share the need to share information, but also share the concern that we need to deal with -- act together as governments and industry to make sure that with all good intention of new legislation, we don't throw away capabilities that we also need to keep the Internet secure.

>> ARIE VAN BELLEN: Thank you very much. Give a big hand to. I have to stop now here this part.

(Applause)

Michiel is available for questions or working together. I want to go to our next keynote speaker. Thank you very much. Michiel.


This text, document, or file is based on live transcription. Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings. This text, document, or file is not to be distributed or used in any way that may violate copyright law.

Report

Find an independent report of the session from the Geneva Internet Platform Digital Watch Observatory at https://dig.watch/sessions/whats-netherlands-showcase-dutch-best-practices-digital-domain.