A State-of-The-Art Review

Published in: Research and Documentation Centre, Ministry of Justice and Security (2019)

Posted on on September 04, 2019

by Erik Silfversten, Erik J. Frinking, Nathan Ryan, Marina Favaro

Read More

Access further information on this document at

This article was published outside of RAND. The full text of the article can be found at the link above.

The NCTV (Nationaal Coordinator Terrorismebestrijding en Veiligheid — 'National Coordinator for Security and Counterterrorism') partners with government, science and business in order to both protect the Netherlands against threats that can disrupt society, and ensure that Dutch vital infrastructure is — and remains — safe.

Digital transformation has reshaped our world and will continue to disrupt the status quo. While technology is a key driver for realising societal and economic benefits, it also brings about new security challenges. The government of the Netherlands, Dutch businesses, civil society and individuals currently face a range of prominent, emerging and resurgent cybersecurity risks and threats. As concluded in the Cyber Security Assessment Netherlands (CSAN) from the NCTV the country's digital resilience continues to lag behind the growing cyber threat.

RAND Europe examined the current state-of-the-art in cybersecurity. In this context, state-of-the-art refers to a snapshot overview of prominent risks, threats or policy issues in the field of cybersecurity, as well as issue areas that are perceived to be overlooked by the NCTV or the scientific community. The cybersecurity state-of-the-art review is divided into two phases:

  1. Phase 1 aims to perform an initial scan of the cybersecurity field in order to highlight prominent or underexposed issues that are perceived to warrant further attention from the NCTV;
  2. Phase 2 aims to investigate the research questions identified in Phase 1, and will be carried out through a separate study. The study only covers Phase 1 of this process.

The overarching aim of this study is therefore to explore which current cybersecurity topics are relevant to be explored further through additional research in Phase 2.

Research conducted by

This report is part of the RAND Corporation External publication series. Many RAND studies are published in peer-reviewed scholarly journals, as chapters in commercial books, or as documents published by other organizations.

Our mission to help improve policy and decisionmaking through research and analysis is enabled through our core values of quality and objectivity and our unwavering commitment to the highest level of integrity and ethical behavior. To help ensure our research and analysis are rigorous, objective, and nonpartisan, we subject our research publications to a robust and exacting quality-assurance process; avoid both the appearance and reality of financial and other conflicts of interest through staff training, project screening, and a policy of mandatory disclosure; and pursue transparency in our research engagements through our commitment to the open publication of our research findings and recommendations, disclosure of the source of funding of published research, and policies to ensure intellectual independence. For more information, visit

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.