SWOC/T Analysis of the National Cyber
Security Centre
Course: Security: Actors, Institutions and Constellations
Final assignment: SWOC/T analysis
Academic year: 2020-2021
Word count (excl. references + appendix): 3509
1
,1. Introduction
The National Cyber Security Centre (NCSC) is a public organisation which is part of the
Ministry of Justice and Security in The Netherlands. Their task is to protect the (1) central
governmental bodies and (2) the vital infrastructure in The Netherlands from threats in
cyberspace (Rijksoverheid 2020a). The NCSC is a security actor involved in policing, because it
aims at ensuring the security of the Dutch society, and the activities of the NCSC are designed to
achieve this goal (Button 2002: 6; ibid.). Because the NCSC is officially part of the Dutch
government, they can be classified as an organisation involved in policing by the government
(Loader 2000: 326).
An important part in the strategic planning process cycle is to do a Strengths,
Weaknesses, Opportunities and Challenges / Threats (SWOC/T) analysis of the organisation in
question (Bryson 2011). This is why in this document, you can find a SWOC/T analysis of the
NCSC, which will be presented by first illustrating the internal environment with its weaknesses
and strengths, followed by an assessment of the external environment and the accompanying
opportunities and challenges/threats, ending with a concluding section.
2. Internal environment
2.1 Mission
The NCSC wants to contribute to increasing the resilience of Dutch society in the ICT-domain.
The mission is to make The Netherlands digitally secure. The NCSC wants to achieve this
mission by collaborating with public and private parties (ACN 2020; DigitaleOverheid.nl 2020;
NCSC 2020a; IFV 2020). The organisation states that they find the digital infrastructure (and the
2
, security thereof) of vital importance (Dutch: levensbelang). If this infrastructure fails, the
consequences can be catastrophic, e.g. not getting clean water from a tap. This notion seems to
be in line with the vision of security as a prime value approach, since without the security of
these systems, other important values cannot exist (Baldwin 1997: 19; NCSC 2020b). The more
specific goals of the NCSC are not presented in a central place. However, based on several
reports, the following sub-goals of the NCSC’s mission can be identified:
● To limit damage and quickly recover if a digital attack were to occur (NCTV 2020a);
● Creating a safe way of dealing with information through tips from the Baseline
Information-security Government document (abbreviation: BIO) (Leisink 2020);
● Being able to bundle capacities and knowledge from signers of the National Response
Network when a cyber-incident occurs (NCSC.nl 2020);
● To inform managers of the NCSC’s target group of the dangers of ransomware and how
to deal with it (NCSC-FS 2020).
2.2 Values
The NCSC has three core values: understanding, connecting and preventing. Firstly, they
understand the vulnerabilities and threats in the digital domain. The NCSC identifies and
indicates the trends and risks in cyberspace. They aim for the knowledge they collect to be
broadly accessible. Secondly, the NCSC connects knowledge, parties and information. Being a
governmental organisation, they operate as the link in a network of national and international
partners. Thirdly, the NCSC prevents and limits societal threats by offering expert support and
advice. With their studies, analysis and products, they offer a direct operating perspective. When
there is a cybersecurity crisis, they are available 24/7 for help. Next to the three main values,
3
Security Centre
Course: Security: Actors, Institutions and Constellations
Final assignment: SWOC/T analysis
Academic year: 2020-2021
Word count (excl. references + appendix): 3509
1
,1. Introduction
The National Cyber Security Centre (NCSC) is a public organisation which is part of the
Ministry of Justice and Security in The Netherlands. Their task is to protect the (1) central
governmental bodies and (2) the vital infrastructure in The Netherlands from threats in
cyberspace (Rijksoverheid 2020a). The NCSC is a security actor involved in policing, because it
aims at ensuring the security of the Dutch society, and the activities of the NCSC are designed to
achieve this goal (Button 2002: 6; ibid.). Because the NCSC is officially part of the Dutch
government, they can be classified as an organisation involved in policing by the government
(Loader 2000: 326).
An important part in the strategic planning process cycle is to do a Strengths,
Weaknesses, Opportunities and Challenges / Threats (SWOC/T) analysis of the organisation in
question (Bryson 2011). This is why in this document, you can find a SWOC/T analysis of the
NCSC, which will be presented by first illustrating the internal environment with its weaknesses
and strengths, followed by an assessment of the external environment and the accompanying
opportunities and challenges/threats, ending with a concluding section.
2. Internal environment
2.1 Mission
The NCSC wants to contribute to increasing the resilience of Dutch society in the ICT-domain.
The mission is to make The Netherlands digitally secure. The NCSC wants to achieve this
mission by collaborating with public and private parties (ACN 2020; DigitaleOverheid.nl 2020;
NCSC 2020a; IFV 2020). The organisation states that they find the digital infrastructure (and the
2
, security thereof) of vital importance (Dutch: levensbelang). If this infrastructure fails, the
consequences can be catastrophic, e.g. not getting clean water from a tap. This notion seems to
be in line with the vision of security as a prime value approach, since without the security of
these systems, other important values cannot exist (Baldwin 1997: 19; NCSC 2020b). The more
specific goals of the NCSC are not presented in a central place. However, based on several
reports, the following sub-goals of the NCSC’s mission can be identified:
● To limit damage and quickly recover if a digital attack were to occur (NCTV 2020a);
● Creating a safe way of dealing with information through tips from the Baseline
Information-security Government document (abbreviation: BIO) (Leisink 2020);
● Being able to bundle capacities and knowledge from signers of the National Response
Network when a cyber-incident occurs (NCSC.nl 2020);
● To inform managers of the NCSC’s target group of the dangers of ransomware and how
to deal with it (NCSC-FS 2020).
2.2 Values
The NCSC has three core values: understanding, connecting and preventing. Firstly, they
understand the vulnerabilities and threats in the digital domain. The NCSC identifies and
indicates the trends and risks in cyberspace. They aim for the knowledge they collect to be
broadly accessible. Secondly, the NCSC connects knowledge, parties and information. Being a
governmental organisation, they operate as the link in a network of national and international
partners. Thirdly, the NCSC prevents and limits societal threats by offering expert support and
advice. With their studies, analysis and products, they offer a direct operating perspective. When
there is a cybersecurity crisis, they are available 24/7 for help. Next to the three main values,
3
