Connecting the Dutch Security Chain During the NATO Summit

During the NATO Summit in The Hague, the Access Service for Shared Facilities (TGV) was used in practice for the first time. For this occasion, Booleans connected a series of vital applications, including the National Crisis Management System (LCMS), the Logistics and Support Database (DBLO) and several education environments, to a single federated access layer with Single Sign On (SSO) and Multi Factor Authentication (MFA). The summit was not only a test of international diplomacy, but also a stress test for digital collaboration within the Dutch security chain.

One Access Layer for the Entire Security Chain

Where safety regions, chain partners and crisis organisations traditionally each maintain their own login systems and authorisations, TGV for the first time provides uniform access to all facilities managed by the Netherlands Institute for Public Safety (NIPV). During the summit, hundreds of officials, administrators and specialists were able to log into critical systems without requiring separate integrations for each organisation. In operational terms, this meant less management, reduced risk and significantly greater speed.

The numbers speak for themselves. Twenty five safety regions and sixty five chain partners are now phasing in. Together, they open access to roughly twenty applications across one hundred direct organisations, which then grant access to more than thirty thousand third parties for crisis management and education. MFA and SSO are built in by default and meet the highest government standards.

“The NATO Summit demonstrated that digital collaboration is just as crucial as physical security. TGV brings consistency, control and ease of use to a security chain that has traditionally grown through separate systems and organisations,” says Peter Feijen, Strategic Identity Specialist at Booleans.

Federated Architecture in Practice

Under the hood, TGV works as a federated identity layer. Regions and partners retain their own Identity Provider (IdP), but connect via a central TGV gateway that enforces uniform policies, logging and oversight. Authentication takes place decentrally, while authorisation is centralised through a roles and attributes model that can be finely tuned per user and
per application.

The strength of the model is that TGV does not replace existing infrastructures, but connects them. For CIOs and CISOs, a key advantage is that the solution provides standardised logging and reporting that is immediately usable for ENSIA and BIO audits. All access decisions are recorded in a uniform audit trail. Failover scenarios, fallback options for IdP outages and real time monitoring through SIEM integration are all included. TGV therefore not only meets compliance requirements, but makes them demonstrable and manageable.

From Technology to Tangible Results

The success of TGV is not in the technology itself, but in the operational value it delivers. During the NATO Summit, onboarding new chain partners proved faster than ever before: within hours instead of days. The number of login related support requests dropped significantly, and audit reports could be delivered within one working day, whereas this previously took weeks.

“The greatest benefit is the time and peace of mind it provides,” says Peter from Booleans. “During an event of this scale, you do not want to be dealing with passwords or access issues. Everything needs to work and be secure.”

 

Governance and Control

Beyond technological innovation, TGV’s governance structure is particularly distinctive. Each party retains control over its own users, while policies, roles and logging are centrally managed. This prevents inconsistency and fragmentation. Vendor lock in has also been deliberately avoided: all components are based on open standards, policies can be exported and application roles remain separated from organisational roles.

Privacy and security have been integral to the design from the start. Only strictly necessary data is shared, and sensitive information is shielded wherever possible. Offboarding of users and third parties is arranged just as rigorously as onboarding, an essential yet often underestimated aspect of proper access management.

Looking Ahead

The NATO Summit served as a full scale rehearsal for the nationwide rollout in 2026. The key lessons? Standardising roles and attributes at the source is essential. Access and authorisation policies must be managed as a product, including version control, reviews and test cycles. And success is driven not only by budget but by attention: Return on Attention rather than Return on Investment.

For CIOs and CISOs in the public sector, this signals a new reality. The era of isolated login portals is over. Organisations wishing to join the shared infrastructure of the security chain in 2026 will need to invest now in identity hygiene, clear role catalogues and proper alignment with TGV’s federated standards.

In the coming months, Booleans will continue the rollout of TGV across all safety regions and chain partners. New applications will be added, the governance structure further refined and broader adoption within the public sector encouraged. The ambition is clear: a fully federated ecosystem that not only supports crisis management, but also serves as an example for other domains where collaboration, control and security intersect.