Source: GOV Magazine #21 autumn 2025
Interview Willem Beelen, Photo: Ron Kolkman/RWS, credits: Arie Cijfer for GOV Magazine
Ron Kolkman has been Chief Engineer Director of the national Central Information Provision (Centrale Informatievoorziening, CIV) organisational unit and CIO of Rijkswaterstaat since 15 February 2022.
The task for Rijkswaterstaat is to ensure that the Netherlands remains safe, liveable and accessible. ‘Targeted digitisation’ is the credo here. Digitisation should help to enable major maintenance work and new projects to be carried out. “We have much more work ahead of us than we can physically handle,” says Ron Kolkman. “One of the solutions we have come up with is to digitise what can be digitised.”
Because the internal challenge is clear: generate 25 per cent more output with the same number of employees. “So we are going to use digitisation primarily to increase the efficiency of our people,” explains Kolkman. ‘We are going to focus fully on digitisation to help us carry out a number of major interventions. Many structures were built in the 1950s and 1960s. With a technical lifespan of 80 years, they are now due for replacement and thorough renovation. So that is a major concern for Rijkswaterstaat and also for the Netherlands, because traffic is increasingly being disrupted. Through maintenance, we ensure that they remain safe and reliable, so that the Netherlands can continue to move. Digitisation is a huge help in this regard. Thanks to data, sensors and digital twins, we know exactly when maintenance is needed. This makes our work smarter, more sustainable and more efficient: fewer disruptions, less inconvenience and better use of people and resources.”
Vision document
The vision document ‘Targeted digitisation’ mentions new technologies such as ‘Digital Twins’ and AI, which are also reasons for moving to a private cloud. “We are currently working on sovereign AI applications, which are at least as important as sovereign cloud, but they also belong together technically. What we find important is that we can apply AI that supports the employee.” Data-driven asset management also plays an important role in this. “Simply put, we attach sensors to an object that generate data. This allows you to properly assess an object from your desk. How can you interpret the degree of wear and tear? How can you determine its technical lifespan? How can you work with scenarios? Not only is this highly relevant to the work we do, it also makes it a lot of fun. We have an area here with engineering structures: tunnels, bridges, locks. These contain many PLC systems (programmable logic controllers – ed.), and we recently replaced one that dated from 1978. We are going to bring that OT together with IT.”
“It is an obvious observation, but I have been involved in the remarkable world of IT for some time now, and it is changing very rapidly. The perspective has completely changed: we used to talk about workplaces, now we talk about sovereignty and vulnerability. It’s a completely different world and I’ve had to adapt to that myself in the sense of: what does this mean for us? To summarise briefly, the point is: do we really have that continuity guaranteed now? In my opinion, there are two factors at play here. Firstly, geopolitical relations and all the commotion surrounding the Big Tech companies. That has shaken us awake and made us think. And secondly, we must always be alert to potential vulnerabilities in our services, both at Rijkswaterstaat and across the government. Things that work perfectly today may be vulnerable tomorrow, and we need to be able to respond quickly to that.”
Continuity
This has also had an impact on the existing sourcing strategy, says Kolkman, based on his involvement in the CIO Council’s programme sourcing strategy for the government. “The sourcing strategy has been in place for some time, and we needed to reassess it, but then all this happened and we realised that there are other issues at stake. It’s not that complicated, really, because to guarantee that continuity, I need a good exit strategy in the sourcing contracts. Because we may have a good arrangement with supplier X at RWS, but if that supplier works for the entire government, then you have a completely different context. So, as CIO Council, you look at how you can organise that nationally. The question then is: are we going to arrange it all centrally, so that we have it sorted government-wide in one go? Personally, I don’t believe in that. I think we need to arrange it in such a way that the implementer has sufficient power to get started and that we have properly arranged administrative comfort with each other nationally. Ergo: that you have your fallback in place, that you have an exit strategy with suppliers and that you have a competence centre for IT sourcing where you can get centralised advice. Then we will be doing well in terms of continuity.” Incidentally, Kolkman’s enthusiasm for and participation in the Dutch Digitisation Strategy (NDS) is also based on the principle of ‘using the power of implementation and not top-down management’. “We have seen often enough that this does not work; the government is too big to do all that. So yes, I find the NDS approach appealing.”
Business continuity – and the associated services – is also under pressure from increasing cyber threats. In this context, there is talk of power stations failing, but if we look at RWS: bridges, locks, dykes… We have high water, we have storms, and the Russians are hacking the Delta Works. How do you deal with that?
“We are very aware of the fact that something could happen. I really feel that it’s not a question of if you’ll be hacked, but when. That’s the worst nightmare you can have as a CIO. But fortunately, we haven’t experienced it yet. Everyone in the Netherlands can sleep soundly.”
Incidentally, it is regulated by law that RWS must limit the chances of failure as much as possible on, for example, flood defences and bridges, in view of the billions in social damage that could be caused. “We are doing everything we can to guarantee that continuity and, ultimately, we can move things manually. Because you have to have a last fallback scenario to ensure that the Netherlands stays dry, or remains safe and accessible. We work on cyber security every day from our own Security Operations Centre (SOC). Nevertheless, there remains a risk of disruption from cyber attacks that are beyond Rijkswaterstaat’s control. That’s also part of the times we live in. I think it’s called cyber shame, that you don’t dare to talk about it, but it is the reality of today. A global SharePoint vulnerability like this has also made us extra alert.” Kolkman says that crisis management exercises are also held regularly to anticipate possible IT outages due to DDoS attacks, for example.
Government cloud
Rijkswaterstaat is investing heavily in its sovereignty, which explains why Kolkman is a member of the NDS Council. His assigned priority is the cloud. In this context, he refers to the government cloud, “because it concerns the entire government: central government, provinces, municipalities and water boards. It’s really huge, I’ve never seen anything like it before.” His view of the government cloud is “that it will soon consist of a number of layers, including the hyperscaler layer. I don’t think that we at Rijkswaterstaat want to get rid of the Big Tech players such as Microsoft if we don’t make too much of a fuss about it. They are here, and if they stop now, we will all have a problem. Consider the average workplace: it’s all Microsoft. But that sovereignty over the data that really matters, the crown jewels as they are called, in the case of RWS the obvious data we need to keep the Netherlands safe, liveable, resilient and accessible, that is located in a different layer.”
Kolkman finds it exciting to see how decision-making and management will work at the NDS, with the national government, provinces, municipalities and water boards all sitting around the table. There is a widespread awareness that this is something we need to tackle together, and the necessity and urgency are felt across the government. Although, it must be said, here and there, as is typical of government, there is still some ‘not invented here’ syndrome. Kolkman smiles: “We are going to entice people to get on board, we are going to work with best practices, we are going to create a marketplace. There will be no coercion, such as ‘you must be in the government cloud within two years’.”
Without wanting to be negative, experience shows that things sometimes go wrong between intention and implementation…
“Yes, I agree. But why do I think this will work? Mainly because the urgency is very high. And I think that if we really have a good government cloud, which also gives us more independence, which you can simply use and scale up and down, then everyone will benefit. Then you can focus fully on ensuring continuity.”
And when will that government cloud be ready?
“If you say now that we are going to create a new cloud strategy, then you have to take into account that in five years’ time you will be obliged to switch to the government cloud. That seems like a good ambition to me. And then I hope that within the next two years we will be able to show something together; we have to make sure we maintain that energy together.”
Next level
Kolkman points to the role of government data centres (ODCs) and cites the consolidation from 64 to the current 4 government data centres as an example. “Those ODCs are doing well with ‘OpenShift’, among other things. They have all chosen the same technology, which means you can actually grow into a natural government cloud. So we’re not starting with a blank sheet. We need to take stock of what’s happening and look at how things could be done in terms of tendering. So yes, we still have some hurdles to overcome. But the approach is not: let’s just build something and it will be ready in four years. Here, too, we are looking at best practices, and it could well be that over the next two years we will slowly migrate those four or five ODCs towards each other. I am sure it will not be a big bang scenario, but rather a very logical step to the next level, which is the government cloud.”
###
“At CoE-DSC, we believe this is the right direction for the government and we support this transition to a government cloud. We are closely involved in European developments, such as IPCEI Cloud Infrastructure and Services (CIS). That is why we are happy to offer support and share our knowledge of European initiatives with the people working on the government cloud, so that developments within the government are in line with these initiatives.”
