Author: mrkoot

No, the Dutch minister of defense did NOT say that the Netherlands is at “cyberwar” with Russia

(Note: this post was written in a hurry; I may make changes to better express my line(s) of reasoning, especially wrt the missing context and nuances of the conversation that spawned misleading news headlines today. But I want to get this message out now. I recommend anyone who understands Dutch to actually watch + listen to today’s WNL Op Zondag show — and try to forget the pretext/frame already imposed on your brain by the news headlines while doing so; i.e., watch/listen as if you’ve never read anything about it. And either then form an opinion about the headlines; or remain undecided for the time being.)

News headlines today in the Netherlands and subsequently in international media suggest that Dutch minister of defense Ank Bijleveld has said that the Netherlands is at “cyberwar” with Russia. These reports are misleading and misrepresent reality.

On Sunday 14 October 2018, during an interview in the right-leaning Dutch tv show “WNL Op Zondag”, journalist Yoeri Albrecht brought forward the words “propaganda war” and “cyber war”; this was in the context of the disruption of a Russian cyber operation as revealed on 4 Oct 2018 — which is about intelligence & espionage, not about war (semantics matter).

The host, journalist Rick Nieman, then asked the minister: “a ‘cyberwar’, as mentioned by Yoeri by the way, is that a good description?”. The minister somewhat loosely confirmed that, without much deliberation, in a way that to me clearly was only meant to be conducive to a conversation (in an informal setting); not to confirm that we are “at war”. Yet, Omroep WNL published a piece that cherry-picked & overemphasized that side-step detail, ignoring the aforementioned details, through the following headline:

  • Omroep WNL: “Defense minister Bijleveld: ‘Netherlands is at cyberwar with Russia’”

Subsequently, reports started appearing from other Dutch media:

  • NOS: “Minister Bijleveld confirms: we are in a cyberwar with the Russians” (link)
  • “Minister Bijleveld: ‘Netherlands in cyberwar with Russia’” (link)
    • Note: the article even states ‘Minister Bijleveld speaks of a “cyberwar” in the television programme WNL op Zondag’, which is hard to interpret other than as suggesting that Bijleveld herself mentioned the word “cyberoorlog” (English: “cyberwar”). She never mentioned that word a single time.
  • “Bijleveld: Netherlands in cyberwar with Russians” (link)
  • (many more)

And reports then started to appear in international media, for instance:

  • Guardian: “Netherlands in a ‘cyberwar’ with Russia, says defence minister” (link)

…including RT (formerly known as Russia Today) & Sputnik Int’l:

  • RT: “Netherlands in cyberwar with Russia? Dutch defense minister says ‘YES’” (link)
  • Sputnik Int’l: “Netherlands in ‘Cyberwar’ With Russia – Defense Minister” (link)

The minister’s response, especially in its context and given the precise words & intonation etc., in no way warrants headlines of the likes seen here. Also, note that the minister herself did not mention the word “cyber war” a single time during the entire show. The minister could, and perhaps should, have objected to the word “war” — which, let me repeat it once more, was brought forward by others — but didn’t at that time. But neither the lack of explicit refutation nor (even) the confirmation, taking the context into account, warrant such headlines.

I hold the Dutch ‘fourth estate’ in high regard. But in my opinion, the Dutch journalists/editors who chose to spin the WNL conversation into dubious headlines failed us as a society today (a little bit); perhaps in an instance of ‘medialogica‘. While Dutch journalists are not responsible for what e.g. RT & Sputnik do, they do have a moral responsibility to be accurate in reporting, especially regarding these matters, taking into account geopolitical developments. That responsibility includes anticipating potential re-use / abuse of news in support of ongoing information operations — by which I’m not implying they should not report something, but by which I am claiming that due diligence is necessary when reporting about these sensitive topics.

Failing to take such responsibility means accepting the risk that one becomes a useful idiot to others — which I also stated in a tweet (it’s a bit offensive, but for good reason). Today’s headlines were misleading and unnecessarily provided informational cannon fodder for ongoing information operations that may also be aimed against the Netherlands.


In early 2018, two Russians were apprehended in The Hague over suspicions of intending to compromise Swiss gov’t lab’s computer network on behalf of Russian foreign intelligence agency GRU

UPDATE 2018-09-18: the Dutch and Swiss envoys to Russia were summoned by the Russian ministry of Foreign Affairs yesterday, according to NRC Handelsblad. Also, reportedly, the Swiss & Russian ministers of foreign affairs will meet next week in New York “on the sidelines of the United Nations General Assembly.”

According to reports by Dutch newspaper NRC Handelsblad and Swiss newspaper Tages-Anzeiger published on 13 September 2018, western intelligence agencies thwarted a plot involving two Russians intending to compromise the computer network of a Swiss government laboratory — the Spiez Laboratory, which carries out investigations related to nuclear, biological and chemical weapons and defense (CBRN).

The two were apprehended in The Hague (NL) in early 2018 and allegedly carried (unspecified) equipment with them that can be used to compromise computer networks. They are believed to work for GRU, Russia’s foremost foreign intelligence agency. The apprehension was the result of cooperation between various European intelligence services, reportedly including the Dutch Military Intelligence & Security Organization (MIVD).

The Spiez laboratory has been commissioned by the Organization for the Prohibition of Chemical Weapons (OPCW) to carry out investigations related to the poisoning of Russian double agent Skripal and the use of chemical weapons by the Russian-supported Assad regime.

Switzerland’s federal intelligence agency NDB confirmed knowledge about the discovery and expulsion of the two. NDB states that it has “cooperated actively with Dutch and British partners” and has thereby “contributed to preventing illegal actions against a sensitive Swiss infrastructure”.

NRC Handelsblad states that according to the public prosecutor in Bern (CH), the two Russians have been the subject of a criminal investigation since March 2017 on suspicions of compromising a computer system of anti-doping agency WADA. In September 2016, WADA stated that Russian espionage operator group Tsar Team (aka Fancy Bear aka APT-28) had compromised its Anti-Doping Administration and Management System (ADAMS) database via “an International Olympic Committee (IOC)-created account for the Rio 2016 Games”; specifically via the account of Yuliya Stepanova, whom WADA qualifies as “key whistleblower” for the WADA commission that exposed widespread doping in Russian athletics. (Note: if WADA’s attribution of that attack to the Tsar Team is accurate, it is possible that the two caught in The Hague are operators of the Tsar Team.)

The Spiez laboratory had already been a target of hacking attempts earlier this year, according to a spokesperson of the laboratory. “We defended ourselves against that. No data was lost”, the spokesperson stated to NRC Handelsblad and Tages-Anzeiger.

On 14 April 2018, Russian foreign minister Sergei Lavrov stated he had obtained the confidential Spiez lab report about the Skripal case “from a confidential source”. That report confirmed earlier findings made by a British laboratory. The OPCW states that its protocols do not involve dissemination of lab reports to OPCW member states. It remains unknown how Lavrov got hold of it.

In the aftermath of the Salisbury incident, the Dutch government expelled two employees of the Russian embassy in The Hague. In a letter (.pdf) sent to the Dutch parliament on 26 March 2018 — the day on which a large number of countries announced bilateral measures against Russia —, the ministers of foreign & internal affairs stated that they decided to expel the two “in close consultation with allies and partners”. The Russians were ordered to leave the Netherlands within two weeks. It is unknown whether the two expelled Russians are those who were apprehended in The Hague.

In a November 2017 parliamentary letter from Dutch minister of internal affairs Ollongren, the minister stated that Russian intelligence officers are “structurally present” in the Netherlands in various sectors of society to covertly collect intelligence. She stated that Russia in addition to classical (human) intelligence methods also deploys digital means to influence decision-making processes and public opinion.

Dutch policy debate on 5G spectrum is in deadlock: telcos and military intelligence have opposing legitimate interests in 3.5GHz band

The Dutch policy debate on 5G spectrum is caught in deadlock: there are opposing legitimate interests of Dutch telecom providers and the Dutch Military Intelligence and Security Service (MIVD) in the 3.5GHz band. The House of Representatives discussed 5G on 29 March 2018. The 3.5GHz band, the most promising of the three standardized 5G bands (700MHz, 3.5GHz, and 26GHz), is also the band that in the northern half of the Netherlands — above the ‘Amsterdam-Zwolle’ line that cuts the Netherlands in half — is fully reserved for the MIVD’s satellite station in Burum, part of the National Sigint Organization (NSO; which is now part of the Joint Sigint Cyber Unit aka JSCU). In 2016 there was a similar situation when telecom operators sought to improve 4G connectivity using the 3.4GHz band (presumably too close to 3.5GHz).

Below follows an unofficial translation of an article printed in the 4 May 2018 issue of Technisch Weekblad.

Dutch policy debate on 5G spectrum is in deadlock

The deployment of a nation-wide 5G network in the Netherlands may end up being seriously delayed because the most important 5G band (3.5GHz) is reserved for the Dutch intelligence services until 2026. The AIVD and MIVD eavesdrop on ether communications via their satellite dishes in the Frisian village of Burum.

Telecom providers and other industry parties raised an alarm about this in the House of Representatives on 29 March 2018. Earlier, MP William Moorlag (Labour Party / PvdA) even argued that the MIVD antennas should be moved to drilling platforms at sea.

The National Frequency Plan prescribes that until 2026, only the intelligence services are permitted to use the 3.5GHz band on territory north of the Amsterdam-Zwolle axis. Licenses can be issued for territory south of that axis, but only under such restrictions that it is doubtful telecom parties will be interested, says 5G expert Toon Norp of TNO Research. Norp: ‘The discussion about the use of the 3.5GHz band has reached a deadlock. Both the MoD and telecom providers have legitimate interests.’

5G for cars

5G is the next generation of mobile data communication technology. Its bandwidths are 3-10x that of 4G, connections are established 20x faster (lower latency) and a million devices per square kilometer should be able to connect. 5G should realize the internet of things. The low latency is important for communication between self-driving cars. For smartphones, 5G is not a necessity, although the high connection/device density is an advantage. Dutch telecom provider KPN states: ‘4G connects people, 5G connects society’.

Whether 5G will indeed arrive at a large scale is uncertain. GSMA expects the share of 5G connections in the global data communications to grow from 2% in 2020 to 12% in 2025. More than half of the 750 telecom operator chiefs interviewed by the GSMA mentioned ‘lack of a clear business case’ as biggest threat to 5G. The required investments are estimated at 150 billion euro globally on an annual basis. This is largely due to the fine-grained network of antennas that is required to achieve high throughput and low latency.

According to the standard, 5G will use three bands: 700MHz, 3.5GHz, and 26GHz. The 700MHz band, which has the longest waves, does not offer high throughput and is mostly useful to help support a nation-wide network. The 26GHz millimeter band has very high throughput, but due to its short waves has a short range and can only be used for the last couple of hundred meters of a mobile connection. The 3.5GHz band combines the best of both: high throughput and good range. It is the presumed backbone of 5G, but is reserved for use by the MIVD.

Action plan

Next year, part of the 700MHz band for 5G will be auctioned off, but according to Norp, that provides little solace. ‘It is merely a very short band that is auctioned, just 30MHz wide. At most three operators can participate there, while the 3.5GHz band has hundreds of MHz of room.’

Norp expects that 5G networks on the 3.5 GHz band can largely be deployed via existing 3G/4G antenna locations. But simply using the 3G and 4G bands for 5G is not an option for the near future, because equipment manufacturers will first make their 5G equipment work with the internationally agreed bands. Notably the 3.5GHz band.

State secretary Mona Keijzer (Economic Affairs) announced she will present directions for solutions to end the deadlock, and that she will elaborate on those in her Digital Connectivity Action Plan. Norp hopes a creative solution will be found to allow telecom providers and the MoD to share the 3.5GHz band. In the longer term, the MIVD will no longer be able to control the 3.5GHz band. ‘Because Germany will use the 3.5GHz band for 5G’, according to Norp. Regardless of the Dutch government’s policy, the MIVD will get competition on the 3.5GHz band.



EU Commission says it does not seek crypto backdoors, will propose legal framework in early 2018 for Member States to help each other access encrypted devices

UPDATE 2018-02-15: Five million euro for Europol’s “decryption platform” (blog by Matthias Monroy / @matthimon).

On 18 October 2017, the European Commission (EC) announced an upcoming anti-terrorism package, which addresses, inter alia, encryption challenges in criminal investigations. From the Q&A:


4. Supporting law enforcement in criminal investigations online

What is the role of encryption in criminal investigations?

Law enforcement and judicial authorities are increasingly facing challenges posed by the use of encryption by criminals in the context of criminal investigations. This is not only limited to serious crimes: in many cases, electronic data may be the only information and evidence available to prosecute and convict criminals. The challenges are not only due to attempts by criminal users to disguise their electronic communication and privately stored data, but also due to the default option of many communication services to apply encryption. The use of encryption by criminals, and therefore its impact on criminal investigations, is expected to continue to grow in the coming years.

How is the Commission proposing to support Member States on encryption?

Following consultation with Member States and stakeholders, the Commission has proposed today:

  • to support Europol to further develop its decryption capability;
  • to establish a network of centres of encryption expertise;
  • to create a toolbox for legal and technical instruments;
  • to provide training for law enforcement authorities, supported by €500,000 from the ISF–Police fund in 2018;
  • to establish an observatory for legal and technical developments;
  • to establish a structured dialogue with industry and civil society organisations.

In early 2018, the Commission will present proposals to provide for a legal framework to facilitate access to electronic evidence.


It is unclear what this might mean in practice, but Rebecca Hill (Twitter: @BekiHill) reported at El Reg that security commissioner Julian King (Twitter: @JKingEU) said the following:

“The commission’s position is very clear – we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon.”

Hill (correctly) states:

“How exactly… we don’t know. Maybe someone has an RSA-cracking supercomputer up their sleeve they’re keeping secret. Maybe someone’s particularly good with a soldering iron and can read off keys from extracted flash memory chips.

What we do know is that the thrust of the plan boils down to asking member states to help each other by sharing their knowledge on dealing with encryption and creating an observatory to keep an eye on the latest tricks of the trade.”

On 16 October 2017, two days before the announcement by the EC, Maryant Fernández Pérez (Twitter: @maryantfp) stated the following in a blog post at EDRi:

“Saying ‘no’ to backdoors is a step into the right direction, but not the end of the debate, as there are still many ways to weaken encryption. The answer to security problems like those created by terrorism cannot be the creation of security risks. On the contrary, the EU should focus on stimulating the development and the use of high-grade standards for encryption, and not in any way undermine the development, production or use of high-grade encryption.

We are concerned by the potential inclusion of certain aspects of the Communication, such as the increase of capabilities of Europol and what this may entail, and references to removal of allegedly “terrorist” content without accountability in line with the Commission’s recent Communication on tackling illegal content online. We remain vigilant regarding the developments in the field of counter-terrorism.”

The EC statement that it does not seek backdoors should not be interpreted as meaning that Member States’ intelligence services / communities won’t, individually or in voluntary cooperation with peers or industry, pursue influencing crypto standards for kleptographic objectives (such as NSA did with Dual_EC_DRBG) regardless of EU-level policy. It simply means that the EC does not pursue EU-level policy on that — at this time, anyway.

Cryptanalytic efforts, such as the Edgehill (GCHQ) program, will obviously remain in existence in individual Member States, as they do elsewhere in the world (notably in the U.S.) — and the EC announcement’s Q&A excerpt cited above states the EC will seek to support Europol to further develop its decryption capability.

The EC’s announcement also says they will promote “structured dialogue with industry and civil society organisations”, with unstated objectives. To speculate: objectives might include convincing those engaged in dialogue that strong end-to-end crypto should not be enabled by default, and/or making sure certain information other than message content is still emitted and observable, and/or otherwise changing software/hardware/protocol design (e.g. hardware backdoors – read for instance this paper) or implementation to suit LE/intel needs. Which includes needs that must, in addition to privacy interests, also be addressed to maintain democratic values. [UPDATE 2017-12-14: something along those lines seems to be happening in the U.S., going by the following statement by FBI director Christopher Wray cited by @emptywheel : “[…] The FBI is actively engaged with relevant stakeholders, including companies providing technological services, to educate them on the corrosive effects of the Going Dark challenge on both public safety and the rule of law, and with the academic community and technologists to work on technical solutions to this problem”.]

To be continued.


Snippets: digital topics, security and privacy in the Regeerakkoord 2017-2021 (Dutch coalition agreement)

Below is a selection of agreements from the Regeerakkoord 2017-2021 — Vertrouwen in de toekomst (coalition agreement 2017-2021, “Confidence in the Future”; VVD, CDA, D66 and CU) that relate to digital topics, security and privacy. A tweet by Liza van Lonkhuyzen (NRC) prompts me to single out the following agreement (bold emphasis is mine):

“For the implementation of the Computer Crime Act III (Wet Computercriminaliteit III), an additional 10 million euro will be made available. In this context, investigative services will purchase hacking software only for a specific case. Suppliers of such software are screened by the AIVD and do not sell to dubious regimes. Statistics on the use of hacking software are published annually. At the evaluation of the law after two years, it will be considered to what extent this arrangement seriously impairs the effectiveness of the law. In that case, the purchase of hacking software for general use will be considered after all.”

The full selection:

“1.1 Justice and security

  • Additional investment is made in the International Crimes Team (Team Internationale Misdrijven). This can be used to attract expertise from outside the police, for example personnel with experience in investigating international crimes, personnel with command of specific foreign languages, and digital experts.
  • A structural 95 million euro is reserved for cybersecurity. The funds are used, among other things, for expanding personnel capacity and ICT facilities, and are distributed over the ministries of Security and Justice (NCTV), Defence (MIVD), the Interior and Kingdom Relations (AIVD), Foreign Affairs, Infrastructure and the Environment, and Economic Affairs.
  • An ambitious cybersecurity agenda is drawn up, including standards for Internet-of-Things devices, encouraging companies to make more secure software through software liability, strengthening the National Cyber Security Centre (Nationaal Cyber Security Centrum, CCSC) as point of contact for the Computer Emergency Response Teams (CERT) of all sectors, stimulating cybersecurity research, and improving public awareness campaigns on cyber hygiene.
  • For the implementation of the Computer Crime Act III (Wet Computercriminaliteit III), an additional 10 million euro will be made available. In this context, investigative services will purchase hacking software only for a specific case. Suppliers of such software are screened by the AIVD and do not sell to dubious regimes. Statistics on the use of hacking software are published annually. At the evaluation of the law after two years, it will be considered to what extent this arrangement seriously impairs the effectiveness of the law. In that case, the purchase of hacking software for general use will be considered after all.
  • Counter-terrorism requires undiminished attention. The reports on the threat assessment show that in the coming period, too, chess will have to be played on all boards simultaneously. For prevention and de-radicalisation, this means that it must be considered which approach is most effective and how “best practices” can be shared and implemented. Everything must also be done to prevent “hate preachers” from being given a platform. In addition, repressive measures remain necessary, whereby it must be critically weighed each time to what extent privacy and other freedoms are restricted. An additional 13 million euro per year is available for counter-terrorism.
  • (Potential) returnees pose a particular threat, given what they have experienced and in which they may even have participated. Because gathering evidence in these cases is particularly difficult, it will be considered whether and how cooperation with independent international organisations (that are engaged in collecting evidence) can be promoted. Careful evidence gathering takes time, during which it is considered risky for returnees to be able to move freely in our society. Therefore, legislation will be established on the basis of which returnees can be held in pre-trial detention for a longer period, whereby the court can continue to critically review whether there is (still) reason to do so. This legislation further comprises the criminalisation of intentional presence without permission in an area under the control of a terrorist organisation, and the broadening of the possibility of DNA testing in case of suspicion of a terrorist offence.
  • In the EU, the Netherlands will push for a much stricter approach to jihadism.
  • Influence from unfree countries and organisations via social media or through the financing of organisations in the Netherlands is undesirable. It must be prevented that undesirable influence is bought from abroad via money flows to political, social and religious organisations. To that end, these money flows will be made more transparent. Reciprocity is an important touchstone here. Money flows from unfree countries, in which our freedoms are abused, will be restricted as much as possible.
  • There is a new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten). Information exchange is limited to partner services, unless the minister gives permission for exchange with non-partner services. Arbitrary and massive collection of data of citizens in the Netherlands or abroad (‘dragnet’) cannot, may not and will not take place. Therefore, in implementing the act, the cabinet will strictly adhere to the additional safeguards in this act. The evaluation, in which particular importance will be attached to this point, will be carried out early by an independent committee and will in any case start no later than two years after entry into force. If the evaluation gives cause to do so, the cabinet will propose to include additional safeguards in the act and to strengthen oversight thereof.


Adjudication, sentences and measures

  • Efforts are made to protect the privacy of citizens among themselves. Distributing revenge porn deeply invades personal privacy and will be made punishable as a separate offence.


2.4 Economy, innovation policy and business climate

A good and level playing field for entrepreneurs

  • Vital sectors receive specific protection. After careful analysis of risks to national security, designated companies from vital sectors can only be taken over with active approval, if necessary under conditions, or be protected by laying down other, appropriate safeguards. It is being examined whether, in addition to the existing list of vital sectors, this protection regime is also necessary for agricultural land and certain regional infrastructural works. If necessary, measures will be taken.


4.2 Defence

  • The cabinet formulates a security strategy in which domestic and foreign threats, including terrorism, are countered and which replaces the current International Security Strategy. The cabinet also periodically updates the Defence White Paper (Defensienota), taking into account the planning process of NATO and the EU and the strategic choices of important allies. The Defensienota will be leading for long-term decision-making on the purchase of and need for major weapon systems. To increase the flexibility and deployability of the armed forces, the concept of the adaptive armed forces will be concretely elaborated in the coming cabinet period.
  • The Netherlands must have armed forces that are a match for technologically advanced adversaries. To that end, the cabinet invests in a substantial expansion of cyber capacity and technology in all branches of the armed forces and strengthens its role in the digital security and protection of the Netherlands on the basis of its constitutional responsibility.”