Joerg Habermeier - stock.adobe.c
When the Netherlands hosted the Nuclear Security Summit in 2014, all the country’s special units were put in place to make the meeting as safe as possible. World leaders who came to The Hague included then US president Barack Obama and German chancellor Angela Merkel.
Bas Smits, who at the time was chairman of a customer support group that included all the special units, said it was one of the biggest security operations the Netherlands had seen up until then. “The leaders all had their own security guards, and in the Netherlands, all conceivable security units were on high alert, such as the marines, the intelligence services and the military police,” he said.
Smits had held his support group role since 2006, and so had extensive knowledge and experience. “When performing that role, I saw that hardly anyone thought about the communication between all the special units, both our own and those that accompanied the world leaders,” he said. Smits suggested to summit organisers that this had to change.
Smits has worked with the Netherlands government all his life. He joined the army at the age of 17 and then transferred to the police. There he ended up working with the anti-terror special units. “In that capacity, I did a lot of work with encryption and communication,” he said.
When Smits brought up the communication issue with a temporary project team set up to support the Nuclear Security Summit, he said they recognised the need for improvements and gave him the green light to start working on a secure communication solution.
That was just a few months before the summit. In a matter of weeks, Smits, supported by a couple of dozen IT architects, developers and other professionals, built a platform on which all the special units and world leaders could communicate safely.
“Many more people were involved in the project indirectly, because all kinds of equipment was needed,” he said. “Telecoms provider KPN had to lay pipes, for example, and antennas had to be built throughout the country.”
A virtual network was created, to which the equipment used by the visiting world leaders and their entourage could be connected. “When the Obama team came to the Netherlands, their equipment was put through our ‘car wash’, as we called it, and their devices were able to use the extra security of our network. Everyone’s identity could be checked and validated.”
Read more about cyber security in the Netherlands
- Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security.
- The coalition government in the Netherlands has agreed its plan for the next for years, with IT security prominent.
- The Netherlands is a pioneer when it comes to legislating around data protection, so GDPR might not be as much of a shock as in other countries.
After the secure platform proved a success for the summit, Smits saw its commercial possibilities. “At one point, I saw a news item about PostNL wanting to deliver mail through pizza deliverers,” he said. “That kind of made me think. Traditional mail delivery is a very old process – it is time to radically change and digitise it.”
The safe platform Smits had built for the Nuclear Security Summit formed the basis for a company he founded, known as Kryb.
“Because you have to identify yourself on Kryb via iDIN [a Dutch online identification tool], it is always clear who you are,” he said. “This ensures that phishing and spam are no longer possible. The identity of the sender and recipient is always clear to both parties.”
That makes it an attractive system for business communication by small and medium-sized enterprises (SMEs). Through the platform, entrepreneurs automatically comply with the EU’s General Data Protection Regulation (GDPR), said Smits.
“That is something many entrepreneurs struggle with,” he said. “They do not have the technical knowledge to protect their systems adequately, nor do they fully understand the GDPR. It is a very complex matter and it is often not clear what is and what is not allowed.”
Ethical hackers invited
Smits is so certain about the security of his platform that he even invites ethical hackers to look for vulnerabilities in Kryb’s open source code.
“Of course, you can never completely rule out errors, but we optimise and improve continuously,” he said. “Our CTO is an ethical hacker, we have regular pen tests and there is a responsive disclosure on our website. Moreover, we invite hackers worldwide to approve our software code.”
Smits’ ambition for Kryb is to digitise the business mail market. “Many people now want to receive letters digitally,” he said. “Kryb is faster, easier to archive, better for the environment and, above all, cheaper.”
Because Kryb, via iDIN, links the identity and physical address of a user, organisations can check an address via Kryb’s application programming interface (API) and see whether there are Kryb users in their own customer relationship management (CRM) or enterprise resource planning (ERP) databases, he said.
“If you want to send a batch of letters as an organisation, you can carry out a check by address via our API,” said Smits. “When a Kryb user is in your mailing list, the letter is removed from the mailing list for physical mailing and the letter is placed directly on the device of that user. People who do not yet use Kryb, or have indicated that they prefer to receive paper mail, will still receive the physical letter at home.”