Jointly analysing cyber security information without sharing

Jointly analysing cyber security information without sharing

2020-06-23 Webinar MPC -TNO.pngFriday 10 July 2020

On July 7th, 2020, at a webinar organized for members of CIO Platform Nederland, TNO introdced an ongoing research project in the field of the exchange of cyber security information and Secure Multi-Party Computation (MPC). In this blog post, we'll make the information from the webinar more widely available, as MPC and cyber security can be an interesting and valuable combination for anyone who is working on cyber security (threat) information.

TNO is conducting exploratory research into Secure Mult-Party Computation (MPC) and cyber security information because it expects that valuable analyzes are possible when calculating confidential 'information security data' using MPC. The strength of this technology is that it makes analyzing sensitive data from multiple parties possible, without actually sharing this data.

Throughout 2020 TNO will be working together with other interested parties in order to gain experience with MPC and generate ideas and solutions. They have a lot of freedom to choose partners, test this technique in practice and to investigate its viability.

What is MPC?
Secure Multi-Party Computation (MPC) is a ‘toolbox’ of cryptographic techniques that allows several different parties to combine their (encrypted) data with (encrypted) data from other parties, with the aim of having previously agreed analyzes take place. The agreements are recorded in a mathematical protocol that can replace a trusted third party, and only in accordance with this protocol do analyzes take place on the data. Distinctive and of added value is the fact that the data itself is not exchanged. 

Important features of the technique are: the data remains safe, data is not decrypted for the analyzes, it is not possible to deviate from (the number of) parties included in the protocol, the data from the parties cannot be traced, many calculations can take place and it can be integrated with existing tooling. The only thing that is shared is the outcome of the analyzes. Please watch the video about MPC. For more information and videos, please visit www.tno.nl/mpc.

Looking for use cases
The relevance of MPC has been proven in various economic sectors and domains. Application in the cybersecurity domain is relatively new, but could potentially make a major contribution to an information sharing paradox:

Yes
Information about how others are doing or what they are seeing is useful.

Paradox

paradox.jpg

NO
Revealing cyber security information from my company to others might damage our reputation, or may even be illegal.


Due to the new character of the technique, identifying a use case is a challenge. Many companies have cyber security (threat) information at their disposal, but how does that compare with the information of others? Can we learn more when we compare data, or merge without knowing exactly what is being merged? Does MPC complement the informal relationship of trust? These questions form the starting position of the exploratory TNO research.

Does your company have any cyber security information that you would like to know from other companies, but which you are hesistant or unable to share yourself? 

Do you want to know more? Please contact the project leader of this project Marie Beth van Egmond, marie_beth.vanegmond@tno.nl.




Tags
Blog Engels
Information Security

« Back

More news

Launch guideline for successful cooperation

2021-05-18 Nieuwsbericht Richtlijn succesvolle samenwerking.pngTuesday 18 May 2021 In close cooperation between CIO Platform Nederland and NLdigital the ‘Guideline for successful cooperation’ has been launched. The guideline provides guidance towards more predictability and transparency in the relationship between providers and users of software. Download the guideline, implement it and make sure to let us know to what extent the guideline is (in)effective in practice. full story
Tags
CIO Platform Nederland
Vendor Relations

Article by FD about GDPR-compliance featuring CIO Platform Nederland finds national audience

AVG 2.jpgMonday 12 April 2021 On April 5th, the Financieele Dagblad published an article with contributions from CIO Platform Nederland about the issues business users face concerning compliance with the GDPR. The article did not remain unnoticed, but also contained a few inaccuracies. Please find below both amendments and a reference to the parliamentary questions asked and other publications in the media based on the article. full story
Tags
CIO Platform Nederland
Vendor Relations

Advisory report NL Cyber Security Council advises an integrated approach to cyber resilience with management at the highest level

CSR Adviesrapport.jpgWednesday 07 April 2021 Yesterday, the demissionary Minister of Justice and Security presented the Cyber Security Council's CSR Advisory Report "Integrated approach to cyber resilience" to the House of Representatives. It contains concrete (strategic) measures to be taken in the short term to get our cyber resilience to the necessary level as quickly as possible, including the corresponding investments of € 833 million. CIO Platform Nederland, represented in the council by Claudia de Andrade - de Wit, is pleased with the publication and emphasizes the importance of the central approach full story
Tags
CIO Platform Nederland
Information Security

Inspiring Board webinar Data Rules!

21-03-02 Data Rules intro Sjoerd.pngThursday 18 March 2021 'Data Rules!' - our inspiration-webinar on value creation through data- specifically designed for the (non-) executive board members and CxOs of the member organizations of CIO Platform Nederland was a huge success! Expert speakers from Alliander, DPG Media, Pon, Royal Schiphol Group, PostNL, Picnic Technologies, Rijkswaterstaat and Radboudumc inspired the interactive audience on the importance, opportunities and impact of data. full story
Tags
CIO Platform Nederland
Digital Strategy

View all news items through the archive

Close