Attribution is one of the key problems when it comes to a digital attack. Not only does the web inherently promote anonymity among its users, but some of the most sophisticated attackers also know how to leverage Internet technology to hide their tracks. Specifically, they know how to launch their campaigns using other people’s web infrastructure, an evasive technique which renders attribution even more difficult than it already is.
Few understand the challenges of attribution better than Alexandre Dulaunoy.
Dulaunoy first began working with computers in the eighties when he disassembled computers for the first time. He has been pursuing information security and free software ever since. Along the way, he has worked as a senior security network consultant at various security firms, and he even helped co-found a startup that specializes in information security management. Dulaunoy now works at a national Luxembourg Computer Security Incident Response Team (CSIRT), where he specializes in the research and operational fields. That not only involves incident response and mitigating threats; it also entails designing software for sharing indicators of compromise (IoCs) and other threat information with a community of 500 organizations.
To emphasize the importance of information sharing for the security industry, Dulaunoy will discuss best practices in exchanging strategic intelligence at this year’s Borderless Cyber Europe, which will be held at the European Commission in Brussels, Belgium on 8-9 September. He will walk through the practical development of information sharing tools such as the Malware Information Sharing Platform (MISP). He will also touch upon challenges in sharing intelligence, such as seemingly incompatible legal frameworks and classification models, and how practitioners can address those problems.
First and foremost, Dulaunoy hopes his presentation will highlight the truth behind most challenges in information sharing:
“From my experience, technical details account for only a quarter of the problems regarding information sharing. The rest of it has to do with negotiating legal frameworks and coming to an understanding with communities that don’t want to share. That 75 percent is a human problem, and we can all do something about it.”
He also hopes organizations realize that they are facing a universal problem and that borders create more problems than solutions.
In the end, it all comes down to whether companies are in a mindset to share. Dulaunoy explains:
“Information sharing is a mindset. In the past year, lots of organizations have expressed their interest in sharing intelligence, but they haven’t followed through because of a mindset that says they should limit what and how much they share. That’s not the right way organizations should approach information sharing. Instead they should have an approach that by default encourages exchanging intelligence openly. Adopting an open mindset is much more beneficial than closing yourself off, and in many cases, it can be better to share more broadly and on a large-scale.”
For more information about Dulaunoy’s upcoming presentation, please click here.
To make sure your views on information sharing are heard at Borderless Cyber Europe, register for the conference here.