COcyber Batch #3 Ambassadors in the Spotlight: Maarten Botterman

With its third batch now underway, the COcyber Ambassador Programme continues to expand the network of professionals supporting stronger civilian-defence cybersecurity cooperation in Europe. Since its launch, each of the three cohorts has brought new expertise, perspectives and connections, helping to broaden the project’s outreach and reinforce dialogue within the cybersecurity community.

As Batch 3 approaches the final stage of its six-month ambassadorship, we are introducing the professionals who have helped carry this work forward.

In this article, we spoke with Maarten Botterman, Director of GNKS Consult BV, about his background, his perspective on the European cybersecurity landscape, and his reflections on the COcyber Ambassador experience as the journey comes to an end.

Q: Who are you, and what is your professional background?

I am a global leader on Internet Governance and related issues with 25+ years of experience in guiding governments and major organisations on the economic, business, and societal impacts of current and future internet innovations and technologies. I have chaired the ICANN Board, the Public Interest Registry Board, Nlnet Foundation, and I hve published over 100 reports and articles relating to a broad range of information society issues, ranging from telecom regulations to data privacy, from internet governance to future internet developments and emerging technologies.

My passion is making the best use of internet-related technologies for a sustainable society. My mission is increasing justifiable trust in the use of the Internet and e-mail. My vision is based on a deep understanding of what it means to live in a global, knowledge-based society, and my driving motivation is doing the right thing from a public interest perspective in the one world we share.

My activities consist of independent digital policy advice, board governance, cyber capacity building, and teaching and mentoring young people on Internet governance matters. Alongside my research work at GNKS Consult, I serve as Strategic Advisor to EasyDMARC and Chair of the Advisory Board of Whisper.security. I also teach Internet Governance to youth ambassadors at the Internet Society and organise capacity building workshops for safer use of the Internet around the world. I have also been a Member of the ENISA Permanent Stakeholder Group.

Q: Since when and how are you involved in the European cybersecurity sector?

My involvement in European cybersecurity goes back to 1995, when as Scientific Officer at the European Commission supporting the Telecom and IT Research programmes, cybersecurity beyond information security was already considered a crucial element in "going digital." Towards the end of 1999 I joined the RAND Corporation to set up an Information Society Policy Practice in the European Office, where some of the first European-sponsored cybersecurity work I led was the Dependability Development Support Initiative, focusing on what it takes to ensure dependability in the telecom and internet ecosystems.

From 2003 to 2006 I was CEO of the UK public-private platform Information Assurance Advisory Council, bringing together representatives from UK industry, government, and parliament to promote information assurance. I have been a Member of the ENISA Permanent Stakeholder Group and supported ENISA in its development. I also led a team advising on the "home" of the European Cyber Crime Centre, ultimately linked to Europol. 

More recently, for the Global Forum for Cyber Expertise, I have run a series of workshops around the world to "enhance justifiable trust in the use of the Internet and e-mail," focusing on regional capacity building by raising awareness of modern internet standards, inspiring through good practices from around the world, and supporting joint action planning with the help of global players.

Q: From your perspective, what are the main challenges in the collaboration of the civilian and defence cybersecurity sectors in Europe?

Over the years, I have been in rooms with people who would not share their real name or the organisations they worked for, and yet collaboration between civil and government security, police, and the military has been a necessity from the outset. I have seen and learned that strict divides, often put in place for good reasons, have stopped fruitful exchanges and collaboration that seemed obvious, and we cannot afford that anymore.

Cyberspace is a shared space that needs to be secure and safe enough for people around the world to benefit from. At the same time, it offers an attack vector that requires active defensive and security measures. Ensuring there is a space people can trust enough to benefit from is only possible when we actively support cross-collaboration where it is needed and possible.

Q: Again, from your perspective, what are the most crucial steps to address these challenges and strengthen Europe's joint digital safety efforts?

I see four crucial steps. The first is ensuring that good governance, whether at national or organisational level, includes an explicit responsibility to ensure digital assets are appropriately protected. This cannot be done without raising awareness at all levels, from strategic command and control staff, parliaments, and relevant civil servants, all the way to businesses and citizens who engage with the digital space even if only as user. They all need to be able to rely on trusted sources for information.

The second is ensuring robust infrastructures. Modern internet standards are developed with the integrity of origin and message in mind and need to be applied throughout our infrastructures. This comes with a cost, so unless we actively stimulate adoption through mechanisms such as NIS2, CSA and CRA legislation, vulnerabilities we do not need and frankly cannot afford will remain. Clarity for all on what "responsible use" looks like and which standards should at minimum be considered is key.

The third is ensuring that infrastructure is provided in a way that capture by single companies or country governments cannot lead to destructive disruption. Digital sovereignty measures are to be considered though it should be clear this is not the same as isolation, as a global digital space we can use remains crucial.

The fourth is looking ahead and integrating evolving technologies such as AI, and pre-empting quantum developments before they outpace our defences – and not wait for things to go wrong before taking action. It would be irresponsible to “wait for the Titanic to sink” if it is already obvious that action is needed to prevent that – whih I believe is the case. Civil and defence sectors alike.

Q: Did your experience as a COcyber Ambassador align with what you expected at the beginning, and what are your key reflections now that the journey is ending?

Whereas change is the only constant, cybersecurity challenges are clearly accelerating in scale, nature and impact. Geopolitical tensions, the rapid rise of AI, and the accelerating development of quantum networking and computing all demonstrate that responsible risk management can no longer be reactive. The wars in Ukraine and Iran further underline how blurred the lines between “civilian” and “defence” have become, especially in cyberspace.

For me, this made it easy to say “yes” to joining the COcyber Ambassador network. Having been in the room several times, I have seen both the struggle and the growing recognition that collaboration across sectors is no longer optional, but necessary. This is not only a practical challenge; it also requires cultural change and mutual trust. What encouraged me most is seeing an expanding community of experts from both civilian and defence backgrounds willing to take these first important steps together. Much remains to be done, but the foundations for more effective and responsible cooperation are clearly being built.