The Challenge
Government implementing agencies are becoming increasingly digital and dependent on technology. If that technology malfunctions or critical systems fail, there are immediate and particularly adverse consequences for citizens. The risk of this grows even more as geopolitical tensions and cyber threats increase. This has serious consequences not only for service delivery, but also for the reputation of the organization and administrators. Digital resilience is therefore a top priority.
The organization in question wanted to structurally increase the level of cyber maturity, provide additional protection for critical information systems and comply with the new cybersecurity directive NIS2 as of 2025.
Within the organization specifically, there were also a number of tough security issues that needed to be addressed regarding network segmentation, improving Identity & Access Management (IAM) and extending technology to more quickly identify security threats to critical information systems.
The Approach
Eraneos assisted the organization in the approach and design of a multi-year program to structurally increase digital resilience. This is divided into projects in the areas of network zoning, improved Identity & Access Management, increasing resilience against cyber-attacks, security by design (DevSecOps), continued development of security monitoring and implementation of the new NIS2 cyber security directive. Program governance is set up across the board. In a monthly program board, directors of the various business units participate. This creates a significant increase and increased awareness at the board level. Discussing the content of the objectives with the directors and applying learning on the job has created support and commitment to the important themes.
Thanks to increased awareness, new technology and improved collaboration, cyber maturity has increased
Eraneos also provided specific substantive project support on the security-by-design project and the implementation of the NIS2 directive, among others.
The goals have been made concrete and measurable by setting clear and achievable outcomes each quarter. The project dashboards are set up in a very visual way based on Obeya, making progress and dilemmas very visible to all involved.
The challenge was to improve cooperation between the various stakeholders from Business, IT, Security, Risk & Compliance. This was realized by organizing content knowledge sessions. Stakeholders who in the past were not always used to working together towards one goal, now have more of that focus on common goals instead of pointing at each other for achieving the goals.
Employees gain more knowledge and project activities are well established in the organization. This allows the implementing agency to continue the work even after projects are completed.
The Results
Together with the implementing organization, Eraneos has taken concrete steps to increase digital resilience. Improved Identity & Access Management (IAM) ensures proper control of access to systems, while a new zoning architecture ensures that an attack does not immediately affect the entire IT landscape. Its implementation is in full swing.
Additional contingency measures ensure that critical functions and processes can remain operational in the event of a cyberattack, essential for service continuity. In addition, new monitoring-use cases make anomalies in critical systems immediately apparent, strengthening resilience to cyber threats.
To further embed security, a security community has been established in which development teams embrace security by design. This is supported with clear rules and controls. Finally, a strategic approach ensures the organization is fully NIS2-compliant by 2025, with concrete quarterly goals and visual project dashboards to keep progress clear.
These improvements lay a solid foundation with which the organization can continue to develop its digital resilience independently.