Good morning, Lausanne! Second day of lausanne2019.canvas-project.eu Let's talk cybersecurity, strategy, ethics, values and so on.

And now, I have electrical power, thanks to @PirBoazo .

Nouschka Auwema on stage, about security of the Dutch government and critical infrastructure.

I learn that when you disclose a security vumnerability to the dutch governement, you are not prosecuted (if you do it properly), not rewarded in money, but you get a T-shirt: naijaknowhow.net/nigerian-fema

Description of security incident handling in the dutch governement. Among the people in the team, there is a "facility manager" (the person bringing coffee and pizzas to the response team.)

There is in the Netherlands a pilot program ("HackRight") for young computer crackers (if it is their first offence, only), they can escape fine and jail if they do an internship in a security organisation, with mandatory work on ethics.

Stephan Walder, Zürich prosecutor, about prosecution of "cybercrime". (A lot of "cyber" on the slides.)

One of the examples is the hacking of the machines of a swiss coffee machine producer... He uses that as an example that not all attacks are "cybercrime".

Daniel Plohmann speaks about collaboration in cybersecurity at .

For DGA (Domain Generation Algorithms), he created dgarchive.caad.fkie.fraunhofer (access restricted) to archive all possible generated domains.

There are 120 millions domains in . Almost the size of .com :-)

was a one-person project at the beginning but it evolved into a collective project. Lessons to attract volunteers: show appreciation, keep the project simple and focused.

Usual challenge with security data: how to distribute it to good guys only...

As with any data, lots of false positives. itunes.com and github.com were generated by the malware.

Other project by the author: , a curated encyclopedia / repository of . Lots of volunteers will be necessary. And access is for vetted people only.

Suivre

Martin Dion is the last speaker at the workshop lausanne2019.canvas-project.eu about ethical questions on cybersecurity and various answers depending on what sort of stakeholder you are.

· Web · 0 · 0 · 0
Inscrivez-vous pour prendre part à la conversation
Mastodon - Gougère Network

Vive les gougères ! mnt-by: @yapret @papaeng89