The latest news from the Dutch Safety Board (Dutch)

Broader view crucial to approach to the COVID-19 crisis

The Netherlands was not well prepared for a protracted, national health crisis. The country’s crisis structure and crisis communication proved to be inadequate. People from all sectors involved in tackling the crisis worked hard and in difficult circumstances. But the effort put in by so many does not detract from the fact that improvements in the crisis approach are both possible and necessary. This is the conclusion reached by the Dutch Safety Board in its report Approach to COVID-19 crisis, Part 1, published today. The research report examines the Dutch preparations for a pandemic and the approach taken during the first six months of the crisis. “The COVID-19 crisis touched people’s lives throughout the world. Here, the health crisis spilled over into the biggest social crisis we have seen in decades,” says Jeroen Dijsselbloem, chairman of the Dutch Safety Board. “The Netherlands proved to be vulnerable. This was due to the structures the government had in place for the health sector and the crisis response: they fell short given the nature and scope of the crisis.”

Improvising in an unprecedented crisis

The government and its advisors tried in various ways to minimize the uncertainties presented by this crisis. The lack of knowledge about the virus and the limitations of the testing policy in place in the investigated period meant that information on the spread of the virus and the effectiveness of the chosen approach was not sufficiently clear. Signals about social effects such as loneliness were snowed under in the advisory and decision-making process. “Dealing with uncertainty is part of a crisis,” Jeroen Dijsselbloem observes. “Advisors should not filter out uncertainties, but should rather put them forward to decision-makers including encouraging or disappointing scenarios. This is the only way decisions can be taken, and scenarios can be prepared in a timely manner.”

The Dutch government based its decisions on the advice of the Outbreak Management Team (OMT). This was a conscious decision. But it also meant that the Dutch focus during the first wave in the crisis of COVID-19 infections became overly fixated on the hospitals. Little attention was paid to the other effects of a crisis that was having an unprecedented impact on nursing homes, education, cultural institutions, and small and medium-sized businesses, among other sectors. These effects turned the health crisis into a wider social crisis. The Dutch Safety Board concludes that the government could have improved the effectiveness of its crisis response by making a greater effort to look further ahead and by seeking advice on a wider range of issues than the effects of the virus on acute care.

Limited government communication

During the early months of the pandemic, there was broad public support for the government’s approach. This decreased as the crisis continued. The government’s message failed to reach some groups in society, many of whom did not feel heard or did not agree with how the crisis was being handled. The Dutch Safety Board highlights the one-sided approach to crisis communication and argues that the government should engage more with citizens about their concerns and their needs. By being clear about what is or is not known about the course of the crisis while being less insistent, the government can avoid creating unrealistic expectations among the public about what the future might bring.

Nursing homes

This study takes a particularly close look at how the government’s approach to the crisis impacted on nursing homes. In the early stages of the crisis, all eyes were directed towards acute care and hospitals, and the government only had a limited view of the effects on non-acute care. The Board concludes that, as a result, the impact of the crisis on staff and residents in nursing homes was not adequately incorporated in the decision-making process. Despite the government’s stated goal of protecting the vulnerable in society, the focus was on the vulnerable COVID-patients in hospitals. Scant attention was given to the protection of vulnerable elderly people in nursing homes during the first period. This had serious consequences. It meant that initially protective equipment was primarily made available to hospitals and acute care, and not to nursing homes. When the gravity of the situation in nursing homes became clear, the government issued a ban on visits at the request of the nursing home sector. The social and psychological impact of this measure was keenly felt, leading to loneliness and in some cases denying family members the opportunity to say goodbye to loved ones who lost their lives. The Board speaks of a “silent disaster”: about half of the COVID-related deaths in the Netherlands up to September 2020 were nursing home residents.

Learning lessons for the future

From the numerous interviews conducted by the Dutch Safety Board, it is clear that, across all sectors, those involved in combating the crisis worked hard, while also coping with the effects that the crisis and the Covid measures were having on their private lives. Despite the tremendous resilience that the Board has seen, it is essential that the Netherlands looks closely at the early stages of the pandemic and learns lessons for the future. Because the responsibility for dealing with the COVID-19 crisis lies with the government, the Board addresses all of its recommendations to the government: Strengthen crisis preparedness within government by further developing scenarios and formulating the effects of those scenarios in greater detail. Develop the capacity to improvise. Adapt crisis structures by incorporating an implementation assessment and by considering long-term implications alongside an acute crisis-approach as part of the decision-making process. Ensure that you have an accurate and up-to-date view of the crisis and a good sense of the effect measures will have. Be acutely aware of the needs of vulnerable groups and monitor the approach to make sure that it is working for them. Lastly, when tackling a crisis, there should be a clear separation between the role of the advisors (the experts) and the role of the decision makers (the government officials). The government and parliament should explicitly make and account for the far-reaching considerations they sometimes inevitably have to make in very difficult  circumstances in a crisis.

Fundamental intervention is needed to ensure Dutch digital safety and security

The Netherlands’ approach to digital safety and security needs to change rapidly and fundamentally to prevent Dutch society from being disrupted by cyber-attacks. This is the conclusion reached by the Dutch Safety Board in its report ‘Vulnerable through software’ published today. The Board investigated security breaches that occurred in thousands of organizations due to vulnerabilities in Citrix software. Jeroen Dijsselbloem, Chairman of the Dutch Safety Board, commented, “These incidents show that Dutch government organizations and businesses are highly vulnerable to cyber-attacks. They highlight the lack of a national structure capable of alerting all potential victims of cyber-attacks in a timely manner.”

Attacks via Citrix
On 17 December 2019, Citrix disclosed a vulnerability in its software and took temporary measures to mitigate the risks. But before the thousands of organizations using Citrix could be made aware of the acute risks and install the temporary measures, attackers had penetrated some systems. The National Cyber Security Centre (NCSC) issued a direct alert to the Dutch national government and vital operators, for which it considers itself responsible. Other organizations and the wider business community were not alerted directly by the NCSC, leaving the attackers free to infiltrate digital systems on a large scale. To this day, attackers have illegal access to systems and data in organizations. They can use this capability at any time to disrupt business processes and services, and affect privacy and security.

Manufacturers’ responsibility
Secure software is primarily the responsibility of the manufacturer. The Dutch Safety Board argues that manufacturers should invest greater resources on a more continuous basis to improve software security. At present, manufacturers inundate software users with patches and updates to fix flaws in their software without coming up with structural solutions. There are no instruments to provide software purchasers with independent insights into the security of the product they are buying. In addition, customers often lack the expertise and power to demand more secure software from the manufacturers. Some customers do not recognize the importance of doing so.

Limited government approach
As things stand, early warning systems do not reach all organizations that use software and are therefore potential victims of cyber-attacks. The NCSC sees no legal mandate for itself in terms of warning organizations beyond national government and vital operators. The Dutch Safety Board believes it is essential that the government should adopt a centralized approach to identifying threats and issuing quick and direct warnings to all potential cyber-attack victims, backed by a sufficient mandate and legal safeguards.

Recommendations of the Dutch Safety Board
Society is becoming increasingly dependent on digital systems. Manufacturers, governments and organizations will have to work together to come up with an effective approach that will make the Netherlands more resilient to cybercrime. This requires manufacturers to improve the security of their software on a fundamental and continuous basis. The Dutch Safety Board recommends that software quality requirements be set at a European level to compel software manufacturers to take responsibility for the security of their products. The Board advises the relevant government bodies and the business community to join forces. By working together, they can strengthen their position in relation to the software manufacturers and make better use of their limited expertise.

Within government, the monitoring of digital safety and security can be regulated in the same way as the monitoring of prudent fiscal policy as laid down in relevant legislature. Such legislation requires a single government official and a central service to oversee the relevant processes, to intervene where necessary and to be held accountable. The Board also recommends that larger companies and organizations be held legally accountable for how they manage their digital safety and security.

The report and recommendations are on the research page 'Vulnerable through software - Lessons resulting from security breaches relating to Citrix software'

Decisive conclusions on airworthiness of landing gear PH-MBN, aircraft accident Faro (1992)

At the request of the Minister of Infrastructure and Water Management, the Dutch Safety Board has conducted a follow-up investigation into the aircraft accident in Faro in 1992. The investigation focused specifically on the maintenance of the landing gear of the aircraft PH-MBN. During the investigation, no evidence was found of non-conformities or any exceeding of maintenance periods and inspections. The aircraft satisfied all maintenance requirements, and upon departure from Amsterdam for the flight to Faro was airworthy.

Request from the Minister

In the Portuguese accident investigation at the time, it was already concluded that upon departure from Amsterdam, the aircraft had been airworthy. According to the Portuguese investigation into the accident, upon landing, the impact on the landing gear was so considerable that the landing gear failed when the design limits were exceeded. Following the broadcasting of the TV news programme EenVandaag on 16 January 2016, doubts arose about the maintenance of the landing gear. It was alleged that due to the wrongfully granting of permission to postpone the compulsory exchange of the landing gear, the aircraft was not airworthy. The then State Secretary for Infrastructure and the Environment requested the Safety Board to investigate whether these claims were accurate. At that time, a second-opinion investigation was underway, commissioned by the District Court of The Hague. The Safety Board therefore considered it inopportune to launch its own supplementary investigation. This second-opinion investigation confirmed the Portuguese investigation, also concluding that the aircraft was airworthy. Following the court judgement in 2020, the Minister of Infrastructure and Water Management again requested the Safety Board to investigate whether the broadcast by EenVandaag in 2016 had revealed any new facts.

Investigation concluded

The Safety Board subsequently conducted an investigation into the maintenance of the landing gear of the aircraft involved in the accident. As part of this investigation, the investigators visited the archives in the Netherlands and Portugal, and spoke to persons directly involved. During the investigation, no evidence was found of non-conformities or any exceeding of maintenance periods and inspections. There was also no indication of any necessity to postpone the exchange of the landing gear. The final conclusion once again confirmed that the aircraft satisfied all maintenance requirements and upon departure from Amsterdam was airworthy.

The COVID-19 restrictions during the visits to the archives in the Netherlands and the archive in Portugal delayed the investigation by more than six months. The Minister of Infrastructure and Water Management has been informed of the findings in a letter (Dutch only).

Clear need for more attention for the fire safety of residential buildings

In the night of New Year’s Eve 2020, a fire in a sofa in the entrance hall of a block of flats in Arnhem left two people dead and two injured. The fire was able to rapidly develop into a major fire that gave off large volumes of toxic smoke. The fire raging on the only escape route made it impossible for the residents to escape from the block of flats. These are the conclusions of the Dutch Safety Board presented in the report ‘Fatal building fire in Arnhem - Lessons for fire safety’.

Jeroen Dijsselbloem, Chairman of the Dutch Safety Board, commented, “This investigation shows there is room for further improvement in the fire safety of furniture and residential buildings. In the Netherlands, we still impose no requirements on the fire safety of furniture. With regard to residential buildings, it is assumed there is always a safe escape route. The fire in Arnhem shows that this is not always self-evident.’’

Fatal fire

In the night of New Year’s Eve 2020, a family with two young children stepped into the lift in a block of flats on the Gelderseplein in Arnhem. At that moment, they were unaware that a fire was raging in the entrance hall on the ground floor. When they arrived in the entrance hall, they were immediately confronted by tremendous heat and clouds of toxic smoke. Because on the way down they had pushed the button for the third floor, the lift doors closed and the lift carried them back up to the third floor where they were later discovered by the fire service; for two of them, assistance arrived too late. The fire was caused by a light-grade firework set off in a sofa that had temporarily been left in the entrance hall by a resident.

Fire hazardous furniture

The majority of seating and mattresses are filled with plastic foam. This was also the case with the sofa that was placed in the entrance hall in the block of flats in Arnhem. Plastic foam can be easily set alight; the fire then develops rapidly and gives off large volumes of toxic smoke. This makes seating and mattresses extremely fire hazardous. In a number of European countries, requirements are imposed on the fire safety of furniture. The Dutch Safety Board calls upon the Dutch government to join these countries in imposing requirements on the fire safety of furniture.

Fire safety of residential buildings

There are many residential buildings in the Netherlands with just a single escape route outside. The presence of flames and smoke on this escape route represents a major risk for the safety of the residents. It is therefore of crucial importance that this single escape route be kept clear of obstacles, and fire safe. This is the responsibility of building owners. They must do more to live up to that responsibility. Municipal authorities must also actively supervise the fire safety of residential buildings. The Safety Board has therefore issued a recommendation to the Dutch Minister of the Interior and Kingdom Relations to ensure that the supervision of fire safety is improved.