Toespraak Dick Schoof op jaarlijks veiligheidssymposium Europese Commissie

Toespraak | 17-10-2019

United in diversity

Good morning,

Thank you for inviting me to this symposium.

As the Director General of the General Intelligence and Security Service of the Netherlands I am honoured to contribute to the discussion on European security in times of transition here in Brussels.

Before I begin, I would like to express my thanks to those who have already addressed you.

On the eve of a new European Commission, I would like to thank Commissioner Sir Julian King for his efforts regarding the Security Union and the security of Europe’s citizens.

A word of thanks also for Commissioner Oettinger and his work for Europe these past ten years, and for organising this recurring symposium, an important meeting for all those involved in security within the EU.

Given the large audience I expect that not everyone is an expert in the field of the intelligence and security services.

And there are quite a lot of different kinds of services within Europe.

This is one way in which we are certainly united in diversity.

First I will tell you something about my service, what we do and what we observe.

Then I will say something about the ways in which we cooperate and what we think the future holds in terms of cooperation between the intelligence and security services in the EU.

We are the Netherlands General Intelligence and Security service. We watch internal and external threats.

We are also a Signals Intelligence Service; we intercept communications.

We are not a secret service.

What we are, is a service with secrets.

Secrets that are necessary if we are to uncover unknown threats.

If we could not keep the identity of one of our sources or our modus operandi secret, for example, we would not be able to do our work.

Similarly there are strict rules about sharing information.

Also with other security and intelligence services.

We have joint operations with services inside and outside the EU.

We are an independent service. We swim against the current. We talk truth to power. An important mantra, because it means that the services, like the AIVD, can operate free from political influence.

A security service focuses on threats to national security. Think of terrorism, extremism, radicalisation, espionage, foreign interference or sabotage by state-sponsored actors.

An intelligence service attempts to unearth the true intentions of another country.

Is there a double agenda, one that would have repercussions for our country?

Do they say things publicly or in diplomatic channels that are different from their actual goals?

With our work, we help our government give shape to our country’s foreign policy.

One important thing to note: we do not do investigate crimes.

That is the task of the police and the judicial authorities.

We do cooperate closely with the police and the judicial authorities in our country.

Each with our own task, because in the Netherlands, we want to maintain that strict separation between intelligence and law enforcement and provide our citizens with the right safeguards.

That is one of the reasons why information exchange between EU law enforcement bodies and intelligence organisations, each working within their own mandate, is cumbersome.

Of course, when we come across criminal offences in our own investigations, we can inform the judicial authorities.

But they will have to initiate their own investigation, because we cannot tell them where we obtained our information.

Fortunately we do not live in a state in which someone can be convicted on the basis of information that cannot be made public.

To carry out our investigations we have special investigatory powers at our disposal.

We are allowed to talk to sources, run agents, use wiretaps, hack systems or intercept signals either on cable or over the air.

But this is not something we can do as we see fit; our work is subject to strict control and oversight.

We are only allowed to infringe on the privacy of civilians if and when this is absolutely necessary for our investigation.

Before we can use special investigation methods, an independent commission assesses whether this is justified.

And afterwards there is the oversight committee which oversees whether everything is done in compliance with the law.

Recently the oversight committee issued a report on how we share intelligence with other services, also internationally.

In addition to these two, there is also parliamentary oversight, both in a public setting and in a confidential one, when we are discussing operational information.

And all of this is very important to me.

The fact that two oversight bodies check our work and the knowledge that parliament looks over our shoulder too, gives us our license to operate.

Together they provide our service with the legitimacy to do what we do in a democracy.

To protect our national security, our constitutional democracy, and the fundamental rights of our citizens.

So, what are some of the threats to our national security?

The number of jihadist terrorist or radical Islamist incidents in Western Europe has fallen significantly in recent times.

The recent incident in Paris of a police officer who appears to have radicalized, is the first serious incident in quite some time.

For a long time the Netherlands was spared where attacks are concerned, but last year our country had to deal with a number of incidents with casualties.

The authorities also rounded up a terrorist network.

ISIS may have lost its physical territory.

We can see that the ISIS ideology still manages to encourage and inspire jihadists to carry out attacks. And due to the recent developments in north-eastern Syria might re-emerge.

What’s more, we should be mindful of the fact that as the world was watching ISIS, al-Qaeda was rebuilding its organisation in the shadows.

Al-Qaeda has thousands of supporters, and the organisation is still focused on carrying out attacks in and against the West.

Just like the other countries in Europe we face the problem of people who want to return after their stay in the conflict area.

The military activities in north eastern Syria by Turkey is a major challenge in this regard.

Around 50 adults and at least 90 children with a connection to the Netherlands are in camps in that region. Around 100 are at large in the area.

If we look at the whole of Europe, the numbers are staggering.

This is a recurring issue also discussed here in Brussels.

These are people who could pose a serious threat.

We try to establish whether someone poses a threat in as early a stage as possible.

Another major cause of concern today is the development of radical Islam, in particular Salafist inciters.

Their activities can lead to isolationism and parallel societies.

They can also form a breeding ground for jihadism.

We are concerned that our institutions for formal and non-formal education could become sites for the spreading of ideological views that would cause young Muslims to become estranged from society.

In the most extreme cases, there may even be justification or propagation of jihadist violence.

Precisely because of radical Islam and the aforementioned jihadist terrorism, some groups in Dutch society, and elsewhere in Europe too, fear the coming of migrants and Muslims.

They blame the government for not putting a stop to migration and Islamisation.

Because of social media, more and more (young) people are introduced to anti-Islam and anti-government sentiments.

This could have an inspiring effect on people.

In certain cases this dissatisfaction with the government, coupled with a fear of migrants and Islam, becomes extremist hatred.

In the Netherlands, instances of physical violence have been limited, but hate-mongering, verbal intimidation, and threats are increasing, especially on the internet.

With mounting abhorrence I followed the reporting on the attack in Halle last week, which claimed two casualties.

A strong suspicion exists that the perpetrator appears to have had right-wing extremist, anti-Semitic motives.

And what are the threats posed by state-sponsored actors?

With the world in turmoil, countries are more inclined to stand up for their own national interests, sometimes quite harshly.

They also use their intelligence and security services.

Occasionally these services can be quite brazen, aggressive, and without shame.

The Russian military intelligence service was more than likely behind the attempt on the life of former intelligence officer Sergej Skripal in England.

In The Hague the same service attempted to hack into the network of the Organization for the Prohibition of Chemical Weapons (OPCW).

But this is not the only aggressor on Dutch soil.

In the past couple of years two opponents of the Iranian regime were murdered.

The order for these assassinations quite likely came from the Iranian security service.

This aggressiveness is also exhibited by countries engaged in political and economic espionage, usually in the form of cyberattacks.

Several states have offensive cyber-strategies, using cyber-attacks to obtain their own economic, political and ideological goals.

At the expense of the EU member states.

They are interested in us because of our position in international relationships, our innovation economies, and our high-quality infrastructure.

Such an offensive cyber-strategy could focus on gathering political intelligence, for example.

This intelligence would provide the other state with insight into our national as well as our EU and NATO policy-making processes.

Armed with this information they could then try to influence those processes.

We have observed attacks on Dutch embassies in foreign countries.

Secondly there are states, like China, that want to reinforce their economic position and thus also their position of power.

They do this by obtaining innovations and developing these further themselves.

This poses a threat to the economic security of our top sectors.

Thirdly there are countries whose cyber-strategy involves obtaining a covert position within vital sector processes.

In the Netherlands such sectors are energy, chemistry, or water supply.

In this way states can put political pressure on the targeted country.

It is becoming harder and harder for victims to discover cyberattacks in time.

The reason for this is that state-sponsored actors use the trusted ISPs, telecommunications providers, and managed service providers of the targeted organisations.

In some cases, states can legally oblige such service providers to cooperate.

The trusted hardware and software of service providers is used as a springboard.

This helps attackers obtain extensive, profound, and structural access to the data streams of targeted organisations.

This method is used for espionage as well as sabotage.

For these reasons we also believe it would be an undesirable situation if our country were to become dependent on foreign companies that could influence processes or systems that are crucial to our country and part of our vital infrastructure.

Especially when these companies are from countries that follow an offensive cyber-strategy against our own interests.

In those cases we believe it is really important to carry out a thorough risk assessment first.

This is important especially when it comes to 5G technology.

That is why I am very pleased with the risk assessment of the cybersecurity of 5G networks by the NIS cooperation group, published last week.

A joint risk assessment is very necessary.

It should not solely be an exercise by individual member states.

This brings me to the topic of cooperation.

Today’s threat does not stop at the border.

State-sponsored actors do not focus exclusively on one single EU member state; they have a much broader agenda that could constitute a threat to the democratic legal order of many a state.

Sabotage operations can have consequences for more than one country, for example in case of an energy supply disruption.

The Schengen Area, one of the main achievements of European integration, also means that returnees can travel freely from one country to another.

This international, cross-border threat requires a cross-border response.

In the case of intelligence cooperation, this response is not found within EU frameworks.

The EU treaties are very explicit about this.

One of the opening articles of the EU treaty states, and I paraphrase:

The Union shall respect the essential State functions of Member States.

In particular, national security remains the sole responsibility of each Member State.

The services contribute in a different way to the security of Europe’s citizens and the EU’s internal security.

Shared threats to national security can prompt intelligence and security services to come to analytical or operational cooperation, bilaterally or multilaterally.

The fact that this cooperation usually remains hidden due to the nature of our work, does not mean that it is not there.

Let me give you an example of this kind of cooperation.

Since 2013, thousands of men, women, and children have travelled to an area across parts of Iraq and Syria that was proclaimed to be the Islamic State.

ISIS also targeted Europe, planning and carrying out dozens of attacks, one merely a stone’s throw from where we are today.

Because these attacks involved individuals that often had left Europe to go to ISIS and that could also return, the sharing of information on foreign fighters became a priority.

After the 9-11 attacks of 2001, a closer multilateral cooperation had already been set up: the Counter Terrorism Group.

The CTG unites the security services of the members of the EU, plus Norway and Switzerland, in order to combat jihadist terrorism.

The multiple attacks in Europe shook the CTG-services.

During the EU presidency of the Netherlands and under my predecessor Rob Bertholee an operational CT platform was created.

This platform offers intelligence officers a physical location where they can jointly investigate cross-border threats in and against Europe.

In concrete terms this cooperation enables us to detect, identify and arrest potential jihadist attackers in Europe at an earlier stage.

In fact, I can state that the creation of this platform has resulted in the prevention of terrorist attacks.

The fact that this cooperation exists outside of EU frameworks also means that we can continue our cooperation with our highly valued British colleagues in the same vein.

Irrespective of what happens at the end of this month, deal or no deal.

Within this cooperation, all the member services are bound by their own legal framework, oversight and mandate.

There are differences between us, certainly, as there are security services, combined police and security services, and combined intelligence and security services; the AIVD, for example.

Another way in which we are also united in diversity. Perhaps you think that because of this cooperative framework and Article 4.2 of the Treaty, the European intelligence community is absent in Brussels.

Fortunately, this is not so.

Since 2002, EU INTCEN has been the ‘single gateway’ for intelligence analysis from the intelligence community to the EU.

The services provide their analyses to contribute to EU decision making and a joint foreign policy.

On a more strategic level the CTG presidency has regularly attended the Justice and Home Affairs council on CT-related matters.

The CTG presidency also has constructive dialogues with INTCEN, Europol, the EU CTC and the Commission.

To explore practical ways to cooperate more efficiently within the practical and legal limitations governing the activities of the two different communities: intelligence and law enforcement.

I would like to wish my Finnish colleague Antti Pelttari and his team the best of luck for their current CTG presidency.

Right now the EU is engaged with strategic agendas, election promises and shaping the EU for the next five years.

If I may add my own modest view: I believe that it is important that the work of the EU and the work of the intelligence community complement each other.

As the director general of the AIVD, I sometimes find myself in a quandary with regard to the EU.

Article 4.2 of the Treaty has almost become like a mantra.

On the other hand the decisions made in Brussels can have a direct impact on the operational core of our intelligence work.

And consequently also on the security of our citizens.

I am thinking of the deployment of the 5G network.

This rollout has security implications for law enforcement as well as the intelligence community, for example with regard to lawful intercept.

This is one of the themes that the EU Counter Terrorism Coordinator, Gilles de Kerchove, has managed to bring to broader attention.

I also welcome the words of Commissioner King on this matter.

I would like to thank them both.

Data retention regulations also affect the intelligence community at its operational core.

The importance of being complementary can also be seen in how we deal with hybrid threats.

Hybrid threats are characterised by their diffuse nature: apparently random elements could, when combined, be part of a hostile operation.

That is why ‘connecting the dots’ is crucial.

Several national and international parties play an important part in sending out timely signals.

This includes the EU agencies, each from its own mandate.

Assessing whether a malicious act is the work of a state-sponsored actor, is primarily a task for the intelligence and security services.

Deciding on how to proceed after it has been established that a state-sponsored actor is behind an operation, is a political consideration.

If we want to present these issues in a more structural manner, it is time to step out of the shadows.

That is why I welcome one of the recommendations in the report by the Special Committee on Terrorism, namely the call to increase the visibility of the intelligence and security community in Brussels.

I would like to thank the Members of European Parliament for this special report, in particular the rapporteurs: MEP Monika Hohlmeier and former MEP Helga Stevens.

It is time the intelligence community let itself be more heard in the EU.

Not just where jihadist terrorism is concerned, but in all areas where national security of the member states and the internal security of the EU come together or even overlap.

Whilst, of course, respecting the treaties and national legal frameworks.

Talking, not tasking.

Greater mutual understanding is contingent on dialogue, dialogue between the EU and the intelligence community.

That is the way to work towards decision making processes that support the work of the competent authorities, in the area of police and justice, as well as in intelligence.

But also that those tasks that fall firmly within a national mandate, are also carried out there.

This is easier said than done, though. The terrorist threat features is a clear, shared enemy.

But other types of threat, foreign interference or threats to our economic security for example, come with complex repercussions that directly touch upon political decision-making processes.

That is why I welcome one of the recommendations in the report by the Special Committee on Terrorism, namely the call to increase the visibility of the intelligence and security community in Brussels.

I would like to thank the Members of European Parliament for this special report, in particular the rapporteurs: MEP Monika Hohlmeier and former MEP Helga Stevens.

To sum up: tackling today’s threats is a joint effort and cooperation on both national and European level is necessary if we want to impede threats in a timely manner.

Let us complement each other, let each of us contribute to a safer Europe from within our own mandate.

If we are to face the threats ahead of us – aggressive state-sponsored actors with offensive cyber programmes or malign foreign influence terrorism, including the foreign terrorist fighters and the situation in north eastern Syria we should strengthen our resilience.

I see this as our joint responsibility towards the citizens of Europe.

Thank you.