A network to fight cybercrime

The message at the symposium to celebrate 20 years of SWITCH-CERT was that CERTs will need to work together more in future.

Text: Anja Eigenmann, published on 27.09.2016

SWITCH-CERT organised a celebration and symposium on 21 September to mark 20 years since it was formed. The theme was "the history and future of incident response". A welcome address by the host Michael Hausding was followed by three parts:

The overall conclusion from the event was that the "good guys" only have a chance against the cybercriminals if they work more closely with each other as part of a network.

Philipp Metzger, Director of the Federal Office of Communications (OFCOM)

Where does Switzerland stand as regards the digital revolution?

Uber or taxi? This question is a good example of how rapid technological change affects our day-to-day lives. The Swiss government believes that it cannot stand idly by. This is why the Federal Council adopted an overall digital strategy for Switzerland on 20 April 2016. The aim is to raise awareness and investigate the opportunities that digitalisation brings for Switzerland, and the strategy will be updated on an ongoing basis. One of its core goals is security and protection against online threats. Philipp Metzger talked about what the strategy is intended to achieve in general and how Switzerland is addressing the issue of security. The fact that .ch, with some two million domain names, is among the most secure top-level domains in the world vindicates the procedures in place, which allow fast and flexible intervention. SWITCH is also playing a part in the good reputation of .ch here. Metzger hopes that .swiss, which currently has 16,000 domain names, will continue this tradition.

Philipp Metzger's keynote speech about Switzerland's overall digital strategy.

Alexander Odenthal, Head IT Risk Controller and Deputy CISO at Raiffeisen Group Switzerland

Bot versus bot in the cyber wars?

Cybercrime is now more profitable than the narcotics trade – and it is less risky too. In his speech, Alexander Odenthal discussed the evolution of computing and how cybercrime has turned into a globally organised service that is available to people with no specialist know-how. He provided some facts on cybercrime, described the factors driving it and suggested possible solutions.

What does the future have in store as far as technology is concerned? Odenthal talked about four trends predicted by the IT market research firm Gartner and their potential impact. He finds the concept of software-defined security contradictory, given that software vulnerabilities are partly responsible for security being such a big issue in the first place. On the other hand, he is intrigued by the prospect of attack and defence in cyberspace eventually becoming a war of bot versus bot.

He hopes that CERTs will tailor their services to the differing needs of a wide variety of fields in future and believes that they should act as a kind of “crowd intelligence”, helping to move automation research forward. The money to fund this, he said, could come from public-private partnerships. He ended with a question: how does artificial intelligence deal with human failings? Odenthal’s input helped to kick-start the podium discussion that followed.

Alexander Odenthal's keynote speech about the history and future of cybercrime.

Podium discussion (see box for panel members)

Where next for incident response?

What does the future hold for CERTs? This is the first question moderator Lionel Ferette put to the panel. Baiba Kaskina responded, "I don't think people will be taken out of the equation in the future, with bots fighting bots. First, we need to deal with some things that may sound simple, like IPv6, enforcing laws and security on the Internet of Things. CERTs have only limited scope."

Margrete Raaum took up the topic of change: "The next generation will have a different idea of what privacy is compared with us, so maybe it won't need to be protected so heavily." Max Klaus sees the need for CERTs to increase their capacities and forge links with each other: "With all the gadgets coming onto the market, firms are being confronted more and more with issues concerning their IT."

Stefan Lüders would like to see extensive automation: "It should be possible to scan everything that's digital at the touch of a button. Systems should report vulnerabilities, and these should be patched automatically. That way, I can use my team to tackle complex issues that can't be handled with automation. I would like all of you here to help with this." He also identified another unsolved problem for CERTs: "I forward my Indicators of Compromise (IoC) list to the people I trust, but that doesn't scale. Why are we so bad at passing these lists on? Why don't we trust each other with them?"

Asked by Ferette whether CERTs are suitably equipped for what lies ahead, the panel exposed the weaknesses of the CERT system. The main one in their eyes is trust. Who can you trust with your information and be sure that it will not fall into the wrong hands? The fact that CERTs – unlike hackers – have to obey the law makes things harder. Hackers are only rarely held accountable. The panel insisted that CERTs have to be part of an all-encompassing, proactive security concept going forward rather than just cleaning up the mess.

Questions from the audience concerned topics such as the roles of various different CERTs, how cybercriminals are one step ahead and how to ensure that hackers cannot exploit IoC information.

Video of the podium discussion with Baiba Kaskina, Margrete Raaum, Max Klaus and Stefan Lüders (left to right). (Video Urs Schmid)
About the author
Anja   Eigenmann

Anja Eigenmann

Anja Eigenmann has worked at SWITCH since 2012 and is currently an editor for online and print media. She trained as a journalist and later completed a Master of Advanced Studies in Business Communications. She has previously been an editor-in-chief and consultant, among other things, and has led a course in online content writing.


Panel members

  • Moderator: Lionel Ferette, ENISA (European Union Agency for Network and Information Security)
  • Baiba Kaskina, Chair of TF-CSIRT (GÉANT Task Force Computer Security Incident Response Teams)
  • Margrete Raaum, Chair of FIRST (Forum of Incident Response and Security Teams)
  • Max Klaus, Deputy Head of MELANI (Swiss Reporting and Analysis Centre for Information Assurance)
  • Dr Stefan Lüders, Computer Security Officer at CERN
Other articles