Belgium (BE)

National Cyber Security Strategy

The national strategy was prepared by BELNIS, the national consultation forum on information security.

Appropriate definition for "critical infrastructure protection" (CIP): Yes

The strategy defines 3 strategic objectives across eight action domains.

Obj. 1 - Ensure a safe and reliable cyberspace.

Obj. 2 - Provide optimal security and protection for critical infrastructures and governmental information systems.

Obj. 3 - Enable the development of national cyber security capabilities.


Current status: National Cyber Security Strategy

Year of adoption

Belgium - Cyber Security Strategy 2012 in French and Dutch

Updates and revisions A Strategy for Defence was published in 2014.
Implementation and Monitoring Implementation and monitoring is understood to take place through national government.

Legal conditions

Policy requirement for an inventory of "systems" and the classification of data. Policy requirement for security practices/requirements mapped against risk levels. There is only partial implementation of a critical infrastructure protection (CIP) strategy. There is also only partial coverage of mandatory reporting of cybersecurity incidents and with regard to requirements for public and private procurement of cybersecurity solutions based on international accreditation or certification schemes, without additional local requirements. There are several important gaps at the legal level. Missing elements include: no requirement to establish a written information security plan; no requirment for an annual cyber-security audit; no requirement for a public report on cyber-security capacity for government and no requirement for an agency to have a chief information officer (CIO) or chief security officer (CSO). 

Operational capacities
  • National computer emergency response team (CERT)/computer security emergency response team established in 2008.
  • A national competent authority for network and information security (NIS) established.
  • Incident reporting platform for collecting cyber-security incident data available.
  • Conducting of national cyber security exercises.

No national incident management structure (NIMS) for responding to cybersecurity incidents.

Public-private partnerships Only partially defined public private partnership (PPP) for cybersecurity with no evident planning underway. However, there are business/industry cyber-security councils in place.
Sector-specific cyber-security plans Several key elements are missing, such as a joint public private sector plan on cyber security; sector specific priorities; sector risk assessment.
Risk assessment plan Rsk assessment is not part of the national strategy though the number of reported incidents is publicly available along with an online guide to cyber threats.
Progress measures

No information currently available.

Date of last WISER analysis July 2016


Current status: NIS Directive and national CERTs/CSIRTs

Computer security incident response teams (CSIRTs)

Belgium currently has 1 public response team and 1 private one. - cyber emergency team of the Belgian federal government tasked with assisting private and public sector organisations in the event of a cyber incident, coordinating the handling of large-scale incidents, and information sharing through events and publications free of charge. It works with an international team of cyber-security experts and assists in setting up CERT activities. also incorporates Belnet CERT - research and education network to improve quality and level of service.

Proximus Cyber Security Incident Response Team (PXS-CSIRT *formerly known as BGC-CSIRT) - Commercial CERT for its ISP-customers and Belgacom-service customers, including affiliated organisations such as Telindus NL, UK, and LU. Certified in July 2016.
Certified: July 2016.

Best practices:

Safe on line guide, including different types of cyber attacks.

Monitoring system

Not currently known.

Report an incident

Dutch, French, English

Date of last WISER analysis July 2016


Contact us for more info