Stéphane BortzmeyerMay 14, 2019

Good morning, Lausanne! Second day of #CANVAS https://lausanne2019.canvas-project.eu/ Let's talk cybersecurity, strategy, ethics, values and so on.

And now, I have electrical power, thanks to @PirBoazo .

CANVAS Workshop Lausanne: Ethical dilemmas in strategical and operational cybersecurity at State level

Show threadStéphane BortzmeyerMay 14, 2019
Nouschka Auwema on stage, about security of the Dutch government and critical infrastructure. #CANVAS
Show threadStéphane BortzmeyerMay 14, 2019
I learn that when you disclose a security vumnerability to the dutch governement, you are not prosecuted (if you do it properly), not rewarded in money, but you get a T-shirt: https://naijaknowhow.net/nigerian-female-hacker-rewarded-for-hacking-dutch-government/ #CANVAS
Nigerian Female Hacker Rewarded For Hacking Dutch Government! ⋆ Naijaknowhow

A Nigerian female hacker was rewarded for hacking the Dutch government. All thanks to the National Cyber Security Centre of Netherlands. Learn more here!

Naijaknowhow
Show threadStéphane BortzmeyerMay 14, 2019
Description of security incident handling in the dutch governement. Among the people in the team, there is a "facility manager" (the person bringing coffee and pizzas to the response team.) #CANVAS
Show threadStéphane BortzmeyerMay 14, 2019
There is in the Netherlands a pilot program ("HackRight") for young computer crackers (if it is their first offence, only), they can escape fine and jail if they do an internship in a security organisation, with mandatory work on ethics. #CANVAS
Show threadStéphane BortzmeyerMay 14, 2019

Stephan Walder, Zürich prosecutor, about prosecution of "cybercrime". (A lot of "cyber" on the slides.)

One of the examples is the hacking of the machines of a swiss coffee machine producer... He uses that as an example that not all attacks are "cybercrime".

#CANVAS

Show threadStéphane BortzmeyerMay 14, 2019

Daniel Plohmann speaks about collaboration in cybersecurity at #CANVAS.

For DGA (Domain Generation Algorithms), he created #DGarchive https://dgarchive.caad.fkie.fraunhofer.de/ (access restricted) to archive all possible generated domains.

DGArchive

Show threadStéphane BortzmeyerMay 14, 2019
There are 120 millions domains in #DGarchive. Almost the size of .com :-) #CANVAS
Show threadStéphane BortzmeyerMay 14, 2019

#DGarchive was a one-person project at the beginning but it evolved into a collective project. Lessons to attract volunteers: show appreciation, keep the project simple and focused.

Usual challenge with security data: how to distribute it to good guys only...

#CANVAS

Show threadStéphane BortzmeyerMay 14, 2019
As with any #DGA data, lots of false positives. itunes.com and github.com were generated by the #Virut malware. #CANVAS
Show threadStéphane Bortzmeyer
Other project by the author: #Malpedia, a curated encyclopedia / repository of #malware. Lots of volunteers will be necessary. And access is for vetted people only. #CANVAS
May 14, 2019 at 1:07pmWeb
Show threadStéphane BortzmeyerMay 14, 2019
Martin Dion is the last speaker at the #CANVAS workshop https://lausanne2019.canvas-project.eu/ about ethical questions on cybersecurity and various answers depending on what sort of stakeholder you are.
CANVAS Workshop Lausanne: Ethical dilemmas in strategical and operational cybersecurity at State level