In May 2018, the new Dutch Intelligence and Security Services Act 2017 (Wet op de Inlichtingen- en veiligheidsdiensten, Wiv) will enter into force. It replaces the previous 2002 Act and incorporates many reforms to the information gathering powers of the two intelligence and security services as well as to the accountability and oversight mechanisms. Due to the technologyneutral approach, both the civil and the military intelligence services are now authorized to, for example, intercept communications in bulk, hack third parties, decrypt files, store DNA or use any other future innovative technology. Also, the national security legislation extends the possibilities for the indiscriminate collection of data, and for the processing, storage and analysis thereof. The process leading to the law includes substantial criticism from the various stakeholders involved. Upon publication of this report, an official consultative referendum is being organized on the new act. The aim of this policy brief is to provide an international audience with a comprehensive overview of the most relevant aspects of the act and its context. In addition, there is considerable focus on the checks and balances as well as the bottlenecks of the Dutch intelligence gathering reform. The selection of topics is based on the core issues addressed during the parliamentary debate and on the authors’ insights.
DOCUMENT
Het aantal banen neemt toe. Jaarlijks ontstaan er volgens CBS (2019) ongeveer 900 duizend vacatures. Deze keer is de verandering op de arbeidsmarkt niet het resultaat van één enkele factor, maar eerder een combinatie van vijf factoren: snelle technologische vooruitgang, diepgaande veranderingen in gezondheid en demografie, een groeiende economie, toenemende globalisering en belangrijke maatschappelijke veranderingen - die samen een groot deel van wat we als vanzelfsprekend beschouwen, fundamenteel transformeren (Gratton, 2011). Digitalisering en automatisering spelen een grote rol bij deze veranderingen. Er zijn optimistische voorspellingen dat nieuwe technologieën de arbeidsmarkt ten goede komen. Technologie verlaagt bijvoorbeeld de werkdruk. We zouden door technologie zelfs naar een kortere werkweek kunnen en nieuwe banen erbij krijgen, zodat niemand ongewild zonder werk komt te zitten (Ford, 2015; Giang, 2015; Mahdawi, 2017; MGI, 2017). Echter, de angst dat automatisering banen over gaat nemen en er een tekort aan werk gaat ontstaan, is ook een veelgehoorde zorg (Alexis, 2017; Ford, 2015; Giang, 2015; MGI, 2017; WRR. 2013).
DOCUMENT
Worldwide there is a lack of well-educated and experienced information security specialists. The first step to address this issue is arranging enough people with a well-known and acceptable basic level of information security competences. However, there might be a lot of information security education and training, but there is anything but a well-defined outflow level with a known and acceptable basic level of information security competences. There exists a chaotic situation in respect of the qualification of information security professionals, with the emergence of a large number of difficult to compare certificates and job titles. Apparently the information security field requires uniform qualifications that are internationally recognized. Such qualifications could be an excellent way of unambiguously clarifying the knowledge and skills of information security professionals. Furthermore it gives educational institutions a framework which facilitates the development of appropriate information security education and training.
DOCUMENT
The project aims to improve palliative care in China through the competence development of Chinese teachers, professionals, and students focusing on the horizontal priority of digital transformation.Palliative care (PC) has been recognised as a public health priority, and during recent years, has seen advances in several aspects. However, severe inequities in the access and availability of PC worldwide remain. Annually, approximately 56.8 million people need palliative care, where 25.7% of the care focuses on the last year of person’s life (Connor, 2020).China has set aims for reaching the health care standards of the developed countries by 2030 through the Healthy China Strategy 2030, where one of the improvement areas in health care includes palliative care, thus continuing the previous efforts.The project provides a constructive, holistic, and innovative set of actions aimed at resulting in lasting outcomes and continued development of palliative care education and services. Raising the awareness of all stakeholders on palliative care, including the public, is highly relevant and needed. Evidence based practice guidelines and education are urgently required for both general and specialised palliative care levels, to increase the competencies for health educators, professionals, and students. This is to improve the availability and quality of person-centered palliative care in China. Considering the aging population, increase in various chronic illnesses, the challenging care environment, and the moderate health care resources, competence development and the utilisation of digitalisation in palliative care are paramount in supporting the transition of experts into the palliative care practice environment.General objective of the project is to enhance the competences in palliative care in China through education and training to improve the quality of life for citizens. Project develops the competences of current and future health care professionals in China to transform the palliative care theory and practice to impact the target groups and the society in the long-term. As recognised by the European Association for Palliative Care (EAPC), palliative care competences need to be developed in collaboration. This includes shared willingness to learn from each other to improve the sought outcomes in palliative care (EAPC 2019). Since all individuals have a right to health care, project develops person-centered and culturally sensitive practices taking into consideration ethics and social norms. As concepts around palliative care can focus on physical, psychological, social, or spiritual related illnesses (WHO 2020), project develops innovative pedagogy focusing on evidence-based practice, communication, and competence development utilising digital methods and tools. Concepts of reflection, values and views are in the forefront to improve palliative care for the future. Important aspects in project development include health promotion, digital competences and digital health literacy skills of professionals, patients, and their caregivers. Project objective is tied to the principles of the European Commission’s (EU) Digital Decade that stresses the importance of placing people and their rights in the forefront of the digital transformation, while enhancing solidarity, inclusion, freedom of choice and participation. In addition, concepts of safety, security, empowerment, and the promotion of sustainable actions are valued. (European Commission: Digital targets for 2030).Through the existing collaboration, strategic focus areas of the partners, and the principles of the call, the PalcNet project consortium was formed by the following partners: JAMK University of Applied Sciences (JAMK ), Ramon Llull University (URL), Hanze University of Applied Sciences (HUAS), Beijing Union Medical College Hospital (PUMCH), Guangzhou Health Science College (GHSC), Beihua University (BHU), and Harbin Medical University (HMU). As project develops new knowledge, innovations and practice through capacity building, finalisation of the consortium considered partners development strategy regarding health care, (especially palliative care), ability to create long-term impact, including the focus on enhancing higher education according to the horizontal priority. In addition, partners’ expertise and geographical location was also considered important to facilitate long-term impact of the results.Primary target groups of the project include partner country’s (China) staff members, teachers, researchers, health care professionals and bachelor level students engaging in project implementation. Secondary target groups include those groups who will use the outputs and results and continue in further development in palliative care upon the lifetime of the project.
Het opslaan van gevoelige bedrijfsgegevens op niet-goedgekeurde hardware, software en services, zoals Dropbox of Google Drive, gebeurt vaak, ondanks de veiligheidsrisico’s. Dit fenomeen heet Shadow IT. Shadow IT-gedrag brengt grote veiligheidsrisico’s met zich mee, doordat gevoelige gegevens opgeslagen wordt op onveilige locaties. Tegelijkertijd beschikken organisaties niet over methoden om deze risico’s adequaat te monitoren en beheersen.
Over the past decade, the trend in both the public sector and industry has been to outsource ICT to the cloud. While cost savings are often used as a rationale for outsourcing, another argument that is frequently used is that the cloud improves security. The reasoning behind this is twofold. First, cloud service providers are typically thought to have skilled staff trained in good security practices. Second, cloud providers often have a vastly distributed, highly connected network infrastructure, making them more resilient in the face of outages and denial-of-service attacks. Yet many examples of cloud outages, often due to attacks, call into question whether outsourcing to the cloud does improve security. In this project our goal therefore is to answer two questions: 1) did the cloud make use more secure?and 2) can we provide specific security guidance to support cloud outsourcing strategies? We will approach these questions in a multi-disciplinary fashion from a technical angle and from a business and management perspective. On the technical side, the project will focus on providing comprehensive insight into the attack surface at the network level of cloud providers and their users. We will use a measurement-based approach, leveraging large scale datasets about the Internet, both our own data (e.g. OpenINTEL, a large- scale dataset of active DNS measurements) and datasets from our long-term collaborators, such as CAIDA in the US (BGPStream, Network Telescope) and Saarland University in Germany (AmpPot). We will use this data to study the network infrastructure outside and within cloud environments to structurally map vulnerabilities to attacks as well as to identify security anti-patterns, where the way cloud services are managed or used introduce a weak point that attackers can target. From a business point of view, we will investigate outsourcing strategies for both the cloud providers and their customers. For guaranteeing 100% availability, cloud service providers have to maintain additional capacity at all times. They also need to forecast capacity requirements continuously for financially profitable decisions. If the forecast is lower than the capacity needed, then the cloud is not able to deliver 100% availability in case of an attack. Conversely, if the forecast is substantially higher, the cloud service provider might not be able to make desired profits. We therefore propose to assess the risk profiles of cloud providers (how likely it is a cloud provider is under attack at a given time given the nature of its customers) using available attack data to improve the provider resilience to future attacks. From the costumer perspective, we will investigate how we can support cloud outsourcing by taking into consideration business and technical constraints. Decision to choose a cloud service provider is typically based on multiple criteria depending upon the company’s needs (security and operational). We will develop decision support systems that will help in mapping companies’ needs to cloud service providers’ offers.
