Modernisation of C2000 to continue
The C2000 system is used for mobile communications between emergency services, for example in the wake of a car collision. A tender to modernise C2000 was awarded in 2015 to a consortium of three companies. One of these is Hytera Mobilfunk GmbH, a former division of a German company, which has been taken over by the Chinese company Hytera. Rising concerns about increasing interference by state actors and changing geopolitical relations led the Minister of Justice and Security, Ferdinand Grapperhaus, to commission a number of investigations, including one by the General Intelligence and Security Service (AIVD), into the risk of undesirable influences on C2000 and potential vulnerabilities. The minister has concluded from the security investigations and the measures taken that the modernisation of C2000 will be able to proceed in a responsible manner. He will gladly discuss his considerations shortly with the Dutch House of Representatives. The minister presented this information in a letter to the House of Representatives today.
Minister Grapperhaus commissioned two security investigations into the new C2000 system in summer 2018. The AIVD and the IT company Xebia conducted these investigations. While the AIVD investigation identified a low risk of the Chinese government interfering with the modernised C2000 system should Hytera Mobilfunk GmbH be involved, the IT company Xebia qualified the level of security at Hytera Mobilfunk GmbH as ‘not bad’, which is an average rating. Minister Grapperhaus also commissioned an in-depth technical investigation by the company Valori into two applications that Hytera China has developed, neither of which were found to contain any so-called ‘backdoors’.
These security investigations have prompted Minister Grapperhaus to increase the level of security by arranging additional technical and organisational measures as well as by incorporating further contractual safeguards. Both the prevention of undesirable interference by state actors and the general security situation will benefit from these measures. The minister has made agreements with Hytera Mobilfunk GmbH on increasing the level of security, the implementation of which will be monitored closely. Further arrangements have been established on a strict separation between the Chinese owner on the one hand and the German process of development, production and management on the other. The minister is always able to have the source code of Hytera Mobilfunk GmbH inspected.
An opinion on the investigations and measures referred to above has been requested from Bart Jacobs, Professor of Security and Correctness of Software at Radboud University, who is also a member of the Cyber Security Council. His recommendation is to continue modernising C2000 along the current lines with the parties involved, with a continuous emphasis on security matters and with due regard for a number of areas for improvement. The AIVD has also confirmed that the measures recommended in the classified section of the service's investigation report have been addressed efficiently.