“We have to get smart.”

NBIP General Director Octavia de Weerdt on how cybersecurity could become Europe’s strategic edge

As General Director of NBIP and contributor to the 8ra Initiative, Octavia de Weerdt makes the case for a decentralised infrastructure, open standards and trust-based collaboration.

June 2025

In Conversation with Octavia de Weerdt
General Director, NBIP

In this interview, Octavia de Weerdt, General Director of NBIP, outlines how a non-profit, community-based approach to cybersecurity can strengthen Europe’s digital resilience. For over two decades, NBIP has supported Dutch digital infrastructure providers by pooling operational expertise and technical resources to deliver secure, compliant services. As a key contributor to the 8ra security workstream and the MISD project, the organisation is now helping extend this model across Europe – advancing the development of a decentralised, trusted infrastructure for the cloud-edge continuum.

Octavia explains why security must be seen as the foundation of infrastructure rather than an add-on, why open standards and access to threat intelligence are crucial for sovereignty, and how Europe can compete globally not through scale, but through skills, trust and smart regulation. As the boundaries between cloud and edge blur, her message is clear:

Shared problems demand shared solutions. And cybersecurity is no exception.

Can you briefly introduce NBIP and explain what brought your organisation into the 8ra Initiative?

“NBIP was initially founded to help internet providers solve shared problems together. That started with compliance challenges in the early 2000s and evolved into a shared service model that today supports over 200 digital infrastructure providers in the Netherlands and eight other European countries. For instance, we operate a European DDoS mitigation centre and the spillover effect is significant. Through this service, we protect a large number of websites and services for our participants across the Netherlands and increasingly Europe.

For us, decentralisation wasn’t a new concept – it was the next step. We were already asking: how can we deliver these services not just nationally, but across a distributed European network? 8ra came at exactly the right time. It provides a framework to expand that model across borders while staying aligned with our principles: collaboration, neutrality and resilience.”

What are the key challenges in securing distributed infrastructure?

“Everything is connected now – industrial systems, everyday devices – and that means every connection can become a vulnerability. Attacks like Mirai – an infamous piece of malware that hijacked connected devices to create a large botnet – showed how easily these systems can be exploited at scale.

But what concerns me most is the lack of visibility. Many organisations don’t see their own traffic anymore because data moves through opaque, centralised platforms. That limits their ability to detect threats or even understand what’s happening. It also makes it harder to train the next generation of cybersecurity professionals. We can’t develop skills if we can’t observe the systems that we’re supposed to secure.

That’s why transparency is so important. In the Netherlands, we are a founding member of the national Anti-DDoS Coalition. And while NBIP works with around 200 providers, which may not sound like much, their customers represent millions of websites, applications and systems that benefit from secure, hardened network infrastructure. That kind of spillover effect shows what’s possible when we build security from the ground up, and why we need more operational cooperation at the European level.”

How does your non-profit model influence NBIP’s role in the 8ra Initiative?

“We operate on the belief that security is a shared good. We don’t have competitors – everyone who contributes to strengthening the network is part of the solution. That shapes how we work: we share our tools, our knowledge and our time.

We also focus on making research practical. We collaborate with universities and translate their findings into operational security measures. It’s about building a bridge between academia and the real-world needs of providers. That’s where we see our added value within 8ra – linking ideas to implementation.

We advocate for open platforms. That doesn’t mean services are free, our participants fund our work, but the outcomes must be interoperable and transparent. You can’t build trust or resilience on a closed system.“

What kind of support do providers and initiatives need from regulation and European institutions?

“There’s a growing gap between what’s expected and what smaller providers can realistically manage. Many SMEs are overwhelmed by regulation. Even participating in an initiative like 8ra can be challenging for them. That’s a clear signal: we need support mechanisms that keep the playing field open.

At the same time, we must avoid closed vendor platforms disguised as innovation. If we don’t create open standards and a neutral certification process, we risk losing control of the very infrastructure we’re trying to protect. The European Union Agency for Cybersecurity (ENISA) and similar institutions have a key role to play. But timing matters – we’re still in a pioneering phase in which everyone is just pouring in their knowledge. What we need is a clear path toward stability and certification, so we can anchor it in a solid framework.”

Can security really become Europe’s competitive advantage?

“Absolutely. Let’s be honest – we’re not going to outscale the hyperscalers. They’ve had a massive head start, with hundreds of billions in investment. But scale isn’t everything. If we can’t get big, we have to get smart.

Europe has strengths that matter: regulatory leadership, research excellence and a strong public-interest foundation. If we focus on knowledge sharing, open frameworks, and federated infrastructure, security becomes not just a necessity, but a strategic asset.

We’ve already shown we can build compliance models that work. We now need to apply the same thinking to cybersecurity: decentralised and open by design.”

Looking ahead: How the collective approach can strengthen Europe’s digital infrastructure

Octavia de Weerdt’s perspective reflects what the 8ra Initiative is working to achieve: infrastructure that is not just technically advanced, but collectively governed with a transparent security. Her emphasis on shared responsibility, operational visibility and open frameworks aligns directly with 8ra’s mission to create a federated, Multi-Provider Cloud-Edge Continuum.

NBIP’s non-profit model demonstrates how community-based infrastructure, when driven by public-interest values, can scale effectively and deliver real impact. It offers a concrete example of how decentralised services, transparent governance and shared security mechanisms can support Europe’s digital sovereignty in practice. As the 8ra Initiative connects actors across sectors – providers, researchers, regulators and industry – this kind of collaborative approach becomes not just relevant, but essential for shaping Europe’s digital resilience and future infrastructure.