What steps do we need to take to improve cyber security in the Netherlands? What cyber threats lie ahead of us? TNO works with organisations to address not just today’s cyber security challenges, but maybe more importantly, the challenges we face in the (near) future and innovations in response. So what are some of the challenges do we face?

What is cyber security and why is it so important?

The Netherlands National Cyber Security Centre (NCSC) defines cyber security as ‘all measures taken to prevent the consequences of disruption, malfunction and misuse of computers and information systems’. This includes all measures taken to limit and repair damage.

Stories of ransomware attacks that cripple entire organisations and cyber attacks that disrupt our daily lives are frequently reported in the media. The growing complexity of these attacks and the massive impact they have on businesses and society make cyber security a necessity to keep the Netherlands running.

But how do you equip your organisation with the knowledge and resources needed to ensure digital resilience? How do you keep your cyber security policy clear and closely aligned with your business goals? And what can The Netherlands do to address the shortage of cyber security experts? At TNO we work with organisations to find solutions to these kinds of cyber security challenges. Here are 10 key challenges we face.

1. Advanced cyber attacks such as ransomware are on the rise

As digital systems become more complex and volumes of data increase, early detection of malicious software becomes more and more important. One of the solutions being developed by TNO is security monitoring and detection technology, which quickly identifies suspicious patterns. A typical example would be a laptop which very frequently connects to the outside world. This can be a sign of a malware infection.

Security Monitoring Detection

Read more

2. Attacks on industrial it systems are increasing

A growing number of attacks are specifically designed to disrupt industrial control systems (ICS). These systems are essential to the operation of factories, utility companies and other organisations that make extensive use of industrial processes and IT and OT networks.

If these systems are infected with malicious software, it can cripple a company for days. Sensitive data, such as designs and programs, may be lost and end up on the Dark Web. TNO works to protect industrial organisations and their industrial control systems from cyber attacks.

3. Cyber criminals now operate internationally

Cyber crime does not stop at national borders. This makes it difficult to track down cyber criminals. The fact that criminals can hide behind the anonymity of the Dark Web makes things even more complex. TNO is developing technologies that are able to detect the use of phishing kits, identify trends in the Dark Web and expose the identity of criminals hiding behind anonymity.

The right tools for effective detection and prevention of cyber crime

Read more

4. Supply chain attacks are increasing

Since many large organisations have strong cyber security protocols in place, attackers increasingly target their supply chains. These attacks through suppliers require sophisticated planning and can have dire consequences, such as the SolarWinds hack in 2020. TNO is developing technologies to prevent these supply chain attacks.

3 priorities for cyber security in the supply chain

Download the paper "When the chain itself is the weakest link cybersecurity in the supply chain"


5. Cyber attack techniques are constantly evolving

While existing techniques still succeed, more advanced cyber attack technologies with high levels of automation and technical sophistication are being developed every day. Since cyber criminals are increasingly using artificial intelligence (AI), TNO works closely with academics and companies to more quickly identify cyber security risks also with the aid of AI.

AI and machine learning (ML) can instantly analyse millions of situations to identify threats ranging from malware to phishing attacks and downloads of malicious code. TNO is developing self-learning systems that monitor behavioural patterns and profiles in order to detect discrepancies and attacks.

Cyber Security

Read more

6. There is a serious shortage of cyber security experts

For some years now, there has been a shortage of qualified cyber security experts. And there is a general shortage of specialist knowledge in many organisations. This can be addressed in different ways. One is to provide better and more advanced training for more people.

Another part of the solution is to automate routine procedures and decision-making support systems for cyber capabilities such as detection and response in a Security Operations Centre (SOC). Find out how automated security can support scarce cyber security experts.

Automated Security

Read more

7. How do you build a professional cyber workforce?

Cyber security is now essential for every organisation. Employees play an important role in this. Cyber security experts are in great demand and the shortage will simply increase in years to come. While cybersecurity needs differ from one organisation to another, all face the major challenge of having to build a professional cyber workforce, from basic knowledge to top-level expertise.

How do you find the right people? What requirements do they need to meet? And how do you train them? TNO offers an integrated approach to building a uniquely capable professional cyber workforce.

Developing a cyber workforce

Read more

8. The time to start preparing for a quantum-safe future is now

As we embrace the many new possibilities offered by quantum computing, we also need to start addressing the cyber threats it poses. Quantum computers will be able to decode widely used forms of cryptography. This is already a challenge since all of the encrypted information currently being communicated and stored can be kept so it can later be decoded by a quantum computer.

This is particularly relevant when it comes to sensitive information. Another factor is that the transition to quantum-safe cryptography will take time. Working out how to prepare your organisation to meet these cyber security threats is a major challenge, so at TNO we have developed resources to help and are researching migration paths.

Quantum Safe Crypto

Read more

9. Secure data sharing with multi-party computation

The sharing of data from different sources could potentially be extremely helpful. In healthcare for example, combining patient data held by healthcare institutions could lead to valuable insights and new treatment methods. But how do we ensure that there is no breach of privacy?

TNO is currently working on a secure data sharing method known as multi-party computation (MPC). This is a clever way of generating a common database without having to reveal privacy-sensitive data. Data is protected by encryption techniques so it can be shared without disclosing personal data.

Secure multi-party computation

Read more

10. Undiscovered vulnerabilities pose a major risk

The risks resulting from unknown software vulnerabilities are a major blind spot in IT security. TNO is looking into how organisations can use automated vulnerability research (AVR) to identify software vulnerabilities as early as possible and automatically increase their cyber resilience.

Advancing organisations through cyber innovation

TNO is constantly pursuing innovation in the field of cyber security. We engage in new collaborations that allow us to share and broaden our specialist knowledge. This way we help create innovations that make the Netherlands more secure and Dutch businesses more competitive. To find out more about opportunities to work with us, contact Patrick de Graaf.

To learn more about our cyber security activities

Contact Patrick de Graaf


Our work

Cybersecurity for complex networks

Self-driving cars can no longer be viewed as a single system. These are cars with complex computer systems that independently make countless connections with the driver, with other vehicles, with the... Read more


Patrick de Graaf LL.M.

  • Cyber Operations
  • Hybrid Strategies