‘I am seeing our adversaries become faster, smarter and stronger every day. We need to respond to this situation. Not responding is not an option.’ That is the heartfelt cry made by General Swillens during a speech in which he outlines the necessary capabilities and criticises the Dutch Intelligence and Security Services Act 2017 (Wet op de inlichtingen- en veiligheidsdiensten 2017 – Wiv 2017) for placing too many constraints on the Netherlands Defence Intelligence and Security Service's (DISS) freedom of movement.
In his address, General Swillens, director of the Defense Intelligence and Security Service (DISS) also highlights the race occurring in the cyber domain. ‘Our adversaries are moving at lightning speed from server to server, from country to country, deliberately merging with and concealing themselves among the masses. I am seeing our adversaries become faster, smarter and stronger every day. And there is more; they blatantly flout all the rules that we abide by. We need to respond to this situation. Not responding is not an option. But we must always do so in accordance with our own values and laws.’
What does DISS need?
According to General Swillens, three elements are required in order for DISS to anticipate threats:
People and capabilities
Swillens: ‘During my time in the special forces I learned that humans are more important than hardware, and the same applies to intel.’
According to Swillens everyone agrees that cable communication interception and bulk datasets are indispensable for our services in order to ensure the security of the Netherlands. Such data sets are of high operational value, for example in establishing the cyber threat facing the Netherlands. DISS also uses bulk data sets in investigations targeting China, the Russian Federation, Iran, the Sahel, the Middle East and Syria, and to investigate the development and dissemination of weapons of mass destruction. For example, one of our bulk data sets allowed five high-ranking Syrian officers who had used toxic gas against their own people to be identified. And a bulk dataset also played a crucial role in the arrest of the Russian spies near the OPCW in 2018.
The mandate under which DISS operates is laid down in the Dutch Intelligence and Security Services Act 2017 (Wiv 2017). The purpose of the Wiv 2017 was to modernise powers in line with technological developments and to modernise the associated guarantees. Swillens: ‘It is no secret that this law has not provided everything we need. Last year a report on this topic was issued by the Netherlands Court of Audit, with a catchy Dutch sub-title loosely translated as: the law is binding, its application is problematic, and time is running out. The independent committee led by Ms Renee Bos-Jones reached similar conclusions. One aspect that the law introduced was a static test in a dynamic environment. This is problematic. And not what we want.’
Current law is not enough
Swillens emphasises that under current legislation, DISS cannot see where an adversary is on all fronts and cannot operate swiftly and flexibly on all fronts. Swillens: ‘And this poses a risk to our national security. Countries such as the Russian Federation and China have launched offensive cyber programmes targeting the Netherlands, and have no respect whatsoever for our citizens’ right to privacy. So it is vital that rapid action be taken to submit a temporary law to parliament that will allow us to do what we have to do. We support the need for security and the right to privacy. So that we can protect what we hold dear. I am aware of this every day. And so are my people.’
By way of introduction, General Swillens recounts an event on 2 February 2009, when he was commander of a battle group in Uruzgan. ‘At 10pm we receive a report from DISS that someone plans to blow themselves up in a suicide IED attack on Monday morning at the market in Deh Rawood 60 kilometres away. The most probable target is the local police chief with whom we do a lot of business. A year earlier a Dutch lieutenant was killed in a similar suicide attack at the same location. So, the first thing you ask yourself as a commander is: is this information correct? Is it reliable? But we soon see that DISS has done an excellent job. The second question you ask yourself as a commander is: Are we going to use this information? Or should we leave any action up to the Afghan security troops? So I call my subordinate commander in Deh Rawood and we conduct our analyses. At four o'clock in the morning we finally make a decision to arrest the suicide attacker in the quala complex. We found a suicide vest there. On that day we prevented a situation in which innocent people would have been blown up, including our own troops – Dutch military personnel – who would have been patrolling the area. And all thanks to DISS’s reliable and timely intelligence.’
DISS and the game Stratego
General Swillens compares the work of DISS with the spy in the game Stratego: ‘Disinformation is making it increasingly difficult for us to establish the truth. I am sure we are all familiar with the board game Stratego. Your opponent’s pieces are anonymous. You cannot see who your opponent is, what he is capable of and what his intentions are. It is a complex game during which you can expect to step on more than one bomb. Today’s Fog of War includes a type of digital Stratego. As a service we have been tasked with helping the Netherlands to see through the fog. It is with good reason that in the game Stratego the spy is the only person who can eliminate the hostile field marshal… The German military strategist Von Clausewitz already stated this back in the 19th century in his book Vom Kriege (On War): It is crucial to recognise and see the truth in times of war. The current war in Ukraine demonstrates that this statement still has relevance today. Because if you do not recognise danger, you lose... You will step on the bomb. And if you see it but cannot act, then you are also done for. Everything will turn black. It is as simple as that.’