The latest news from the Dutch Safety Board (Dutch)

Fundamental intervention is needed to ensure Dutch digital safety and security

The Netherlands’ approach to digital safety and security needs to change rapidly and fundamentally to prevent Dutch society from being disrupted by cyber-attacks. This is the conclusion reached by the Dutch Safety Board in its report ‘Vulnerable through software’ published today. The Board investigated security breaches that occurred in thousands of organizations due to vulnerabilities in Citrix software. Jeroen Dijsselbloem, Chairman of the Dutch Safety Board, commented, “These incidents show that Dutch government organizations and businesses are highly vulnerable to cyber-attacks. They highlight the lack of a national structure capable of alerting all potential victims of cyber-attacks in a timely manner.”

Attacks via Citrix
On 17 December 2019, Citrix disclosed a vulnerability in its software and took temporary measures to mitigate the risks. But before the thousands of organizations using Citrix could be made aware of the acute risks and install the temporary measures, attackers had penetrated some systems. The National Cyber Security Centre (NCSC) issued a direct alert to the Dutch national government and vital operators, for which it considers itself responsible. Other organizations and the wider business community were not alerted directly by the NCSC, leaving the attackers free to infiltrate digital systems on a large scale. To this day, attackers have illegal access to systems and data in organizations. They can use this capability at any time to disrupt business processes and services, and affect privacy and security.

Manufacturers’ responsibility
Secure software is primarily the responsibility of the manufacturer. The Dutch Safety Board argues that manufacturers should invest greater resources on a more continuous basis to improve software security. At present, manufacturers inundate software users with patches and updates to fix flaws in their software without coming up with structural solutions. There are no instruments to provide software purchasers with independent insights into the security of the product they are buying. In addition, customers often lack the expertise and power to demand more secure software from the manufacturers. Some customers do not recognize the importance of doing so.

Limited government approach
As things stand, early warning systems do not reach all organizations that use software and are therefore potential victims of cyber-attacks. The NCSC sees no legal mandate for itself in terms of warning organizations beyond national government and vital operators. The Dutch Safety Board believes it is essential that the government should adopt a centralized approach to identifying threats and issuing quick and direct warnings to all potential cyber-attack victims, backed by a sufficient mandate and legal safeguards.

Recommendations of the Dutch Safety Board
Society is becoming increasingly dependent on digital systems. Manufacturers, governments and organizations will have to work together to come up with an effective approach that will make the Netherlands more resilient to cybercrime. This requires manufacturers to improve the security of their software on a fundamental and continuous basis. The Dutch Safety Board recommends that software quality requirements be set at a European level to compel software manufacturers to take responsibility for the security of their products. The Board advises the relevant government bodies and the business community to join forces. By working together, they can strengthen their position in relation to the software manufacturers and make better use of their limited expertise.

Within government, the monitoring of digital safety and security can be regulated in the same way as the monitoring of prudent fiscal policy as laid down in relevant legislature. Such legislation requires a single government official and a central service to oversee the relevant processes, to intervene where necessary and to be held accountable. The Board also recommends that larger companies and organizations be held legally accountable for how they manage their digital safety and security.

The report and recommendations are on the research page 'Vulnerable through software - Lessons resulting from security breaches relating to Citrix software'

Decisive conclusions on airworthiness of landing gear PH-MBN, aircraft accident Faro (1992)

At the request of the Minister of Infrastructure and Water Management, the Dutch Safety Board has conducted a follow-up investigation into the aircraft accident in Faro in 1992. The investigation focused specifically on the maintenance of the landing gear of the aircraft PH-MBN. During the investigation, no evidence was found of non-conformities or any exceeding of maintenance periods and inspections. The aircraft satisfied all maintenance requirements, and upon departure from Amsterdam for the flight to Faro was airworthy.

Request from the Minister

In the Portuguese accident investigation at the time, it was already concluded that upon departure from Amsterdam, the aircraft had been airworthy. According to the Portuguese investigation into the accident, upon landing, the impact on the landing gear was so considerable that the landing gear failed when the design limits were exceeded. Following the broadcasting of the TV news programme EenVandaag on 16 January 2016, doubts arose about the maintenance of the landing gear. It was alleged that due to the wrongfully granting of permission to postpone the compulsory exchange of the landing gear, the aircraft was not airworthy. The then State Secretary for Infrastructure and the Environment requested the Safety Board to investigate whether these claims were accurate. At that time, a second-opinion investigation was underway, commissioned by the District Court of The Hague. The Safety Board therefore considered it inopportune to launch its own supplementary investigation. This second-opinion investigation confirmed the Portuguese investigation, also concluding that the aircraft was airworthy. Following the court judgement in 2020, the Minister of Infrastructure and Water Management again requested the Safety Board to investigate whether the broadcast by EenVandaag in 2016 had revealed any new facts.

Investigation concluded

The Safety Board subsequently conducted an investigation into the maintenance of the landing gear of the aircraft involved in the accident. As part of this investigation, the investigators visited the archives in the Netherlands and Portugal, and spoke to persons directly involved. During the investigation, no evidence was found of non-conformities or any exceeding of maintenance periods and inspections. There was also no indication of any necessity to postpone the exchange of the landing gear. The final conclusion once again confirmed that the aircraft satisfied all maintenance requirements and upon departure from Amsterdam was airworthy.

The COVID-19 restrictions during the visits to the archives in the Netherlands and the archive in Portugal delayed the investigation by more than six months. The Minister of Infrastructure and Water Management has been informed of the findings in a letter (Dutch only).

Clear need for more attention for the fire safety of residential buildings

In the night of New Year’s Eve 2020, a fire in a sofa in the entrance hall of a block of flats in Arnhem left two people dead and two injured. The fire was able to rapidly develop into a major fire that gave off large volumes of toxic smoke. The fire raging on the only escape route made it impossible for the residents to escape from the block of flats. These are the conclusions of the Dutch Safety Board presented in the report ‘Fatal building fire in Arnhem - Lessons for fire safety’.

Jeroen Dijsselbloem, Chairman of the Dutch Safety Board, commented, “This investigation shows there is room for further improvement in the fire safety of furniture and residential buildings. In the Netherlands, we still impose no requirements on the fire safety of furniture. With regard to residential buildings, it is assumed there is always a safe escape route. The fire in Arnhem shows that this is not always self-evident.’’

Fatal fire

In the night of New Year’s Eve 2020, a family with two young children stepped into the lift in a block of flats on the Gelderseplein in Arnhem. At that moment, they were unaware that a fire was raging in the entrance hall on the ground floor. When they arrived in the entrance hall, they were immediately confronted by tremendous heat and clouds of toxic smoke. Because on the way down they had pushed the button for the third floor, the lift doors closed and the lift carried them back up to the third floor where they were later discovered by the fire service; for two of them, assistance arrived too late. The fire was caused by a light-grade firework set off in a sofa that had temporarily been left in the entrance hall by a resident.

Fire hazardous furniture

The majority of seating and mattresses are filled with plastic foam. This was also the case with the sofa that was placed in the entrance hall in the block of flats in Arnhem. Plastic foam can be easily set alight; the fire then develops rapidly and gives off large volumes of toxic smoke. This makes seating and mattresses extremely fire hazardous. In a number of European countries, requirements are imposed on the fire safety of furniture. The Dutch Safety Board calls upon the Dutch government to join these countries in imposing requirements on the fire safety of furniture.

Fire safety of residential buildings

There are many residential buildings in the Netherlands with just a single escape route outside. The presence of flames and smoke on this escape route represents a major risk for the safety of the residents. It is therefore of crucial importance that this single escape route be kept clear of obstacles, and fire safe. This is the responsibility of building owners. They must do more to live up to that responsibility. Municipal authorities must also actively supervise the fire safety of residential buildings. The Safety Board has therefore issued a recommendation to the Dutch Minister of the Interior and Kingdom Relations to ensure that the supervision of fire safety is improved.

Onderzoeksraad waarschuwt voor te snelle toelating nieuwe voertuigen

De Onderzoeksraad stelt vast dat het aangekondigde toelatingskader voor nieuwe licht elektrische voertuigen er nog steeds niet is. Wel is de BSO-bus reeds toegelaten tot de weg en liggen er aanvragen voor nieuwe bijzondere voertuigen. De voertuigen worden nog niet volgens het toekomstige toetsingskader beoordeeld en dat brengt veiligheidsrisico’s met zich mee.

De Raad publiceerde in 2019 het onderzoeksrapport Veilig toelaten op de weg - Lessen naar aanleiding van het ongeval met de Stint. Zoals wettelijk is vastgelegd reageerde de minister Infrastructuur en Waterstaat (IenW) aan de Onderzoeksraad in juli 2020 per brief met de terugkoppeling over de opvolging van de aanbevelingen uit het onderzoeksrapport. In de notitie die vandaag uitkomt reageert de Raad op deze terugkoppeling en de toelating van nieuwe voertuigen.

De minister belooft om, bij de toelating van licht elektrische voertuigen, veiligheid zwaarder mee te laten wegen. Zo schrijft zij in de reactiebrief. Voor deze voertuigen komt een nieuw toelatingskader met een strengere veiligheidskeuring voordat ze de weg op mogen. Het onafhankelijke oordeel van de Rijksdienst voor het Wegverkeer (RDW) wordt daarin leidend.


Het nieuwe toelatingskader is er nog niet. Wel is, op aandringen van de Tweede Kamer,  kinderopvangorganisaties en verenigingen van ouders, de BSO-bus toegelaten tot de weg. Voor de toelating van de BSO-bus heeft de minister een convenant gesloten met de kinderopvangbranche met afspraken over het gebruik van de BSO-bus. In dit convenant wordt echter afgeweken van het advies van de RDW en van de eigen beleidsregel van het ministerie. De RDW oordeelt dat de nieuwe BSO-bus technisch voldoet aan de eisen, maar dat er een veiligheidsrisico ontstaat wanneer het maximale gewicht wordt overschreden. De beleidsregel bepaalt dat meer dan acht kinderen niet is toegestaan in een dergelijk voertuig. De BSO-bus is echter van tien zitplaatsen voorzien en de minister staat in het convenant het vervoer van tien kinderen toe. Dit verhoogt de kans van overschrijding van het maximale gewicht. Daarnaast zijn de convenantafspraken veel minder verplichtend dan wettelijke voorschriften. Ook zijn niet alle kinderopvangorganisaties aangesloten bij de branchevereniging.

Besluitvorming onder druk

Deze gang van zaken lijkt op de oude werkwijze zoals de Raad in zijn rapport over de toelating van de Stint en andere licht gemotoriseerde voertuigen beschreef. Waarbij het advies en oordeel van een onafhankelijke instantie, zoals de RDW, niet wordt gevolgd na een politieke afweging. Ook staat de toelating van de BSO-bus haaks op de koers van het beloofde toekomstige toelatingskader, waarin veiligheid zwaarder gaat wegen. De Onderzoeksraad roept dan ook de minister, de Tweede Kamer en maatschappelijke organisaties op om consequent en consistent te zijn: laat alleen voertuigen toe tot de weg waarvan de veiligheid onafhankelijk getoetst en positief beoordeeld is.


Bekijk hier de volledige onderzoekspagina Veilig toelaten op de weg - Lessen naar aanleiding van het ongeval met de Stint.