Stronger together. When it comes to cyberdefence, this slogan could not be more apt. When private and public organisations join forces for cybersecurity, everyone benefits. Cooperation like this can take place at different levels and with different stakeholders.
Text: Andreas Heer, Pictures: Swisscom
12 October 2023
“Protecting Switzerland against cyberthreats is a joint task for society, the business community and the state.” This is one of the principles of the National Cyber Strategy (NCS), which was published in April 2023. Although the statement specifically relates to protecting public institutions, it can be applied more widely: “Cooperation is the key to effective cyberdefence.” An important objective of cooperation is to obtain a clear overview of the current threat status. Once you have this, appropriate protective measures can be taken, and attacks can be identified and blocked at an early stage.
Cooperation is essential between multiple organisations to achieve these goals, says Vincent Lenders, Director of the Cyber-Defence Campus at armasuisse: “Private and public organisations complement each other perfectly in cyberdefence. Public organisations have a good overview of potential threats while private organisations have information about the risks that are typical for their company or industry.”
The Cyber-Defence Campus actively cultivates cooperation between the public and private sector in the form of a public-private partnership (PPP). This cooperation covers different areas: “Sharing information about new security vulnerabilities and technologies is an essential aspect, but there is also great potential for information sharing in the areas of education, training, research and innovation,” says Vincent Lenders.
To strengthen cyberdefence, there is also networking between the different security experts who work in cyberdefence, such as between different CERTs (computer emergency response teams). “We interact with other critical infrastructure operators, but also with other managed security service providers,” says Marco Bruno, customer advisor in incident response at Swisscom.
The aim of this professional dialogue is to share knowledge with one another and optimise our preparation for future cyberattacks. “We discuss ransomware cases and software vulnerabilities, for instance,” explains Marco Bruno. “In addition to the attack methods, we are also interested in the traces left behind.” It is not unusual to discuss terms such as ‘indicators of compromise’ (IoC) and ‘TTP’ (tactics, techniques and procedures). While IoCs refer to the evidence left behind by specific actors, TTPs provide information about the methods used. This knowledge, in turn, supports incident response.
In the event of an actual incident, cooperation takes place on another level, with law enforcement agencies or the National Cyber Security Centre (NCSC). Cybercriminals often operate from abroad, making criminal prosecution more difficult, according to Marco Bruno: “By the time a compromised server abroad can be seized, the attackers are often long gone.”
The strategic international cooperation of the Cyber-Defence Campus is proving more successful, as Vincent Lenders explains: “In the context of a public-private partnership, we work closely with the Swisscom outpost in Silicon Valley, for example, to share information about cyber start-ups and technological developments.”
When it comes to cybersecurity experts sharing information about current incidents, what about the data confidentiality implications? Marco Bruno and Vincent Lenders dismiss this concern; there are rules governing the information that can be shared. And any identifying data such as IP addresses are anonymised.
For Vincent Lenders, the test lies elsewhere: “The main challenge is to find partnership models in which both parties can invest and benefit equally.” The organisations involved are therefore called upon to develop an approach that ensures this mutual give and take.
Both experts agree that the information sharing is extremely beneficial. “By pooling their resources, both sides can pursue a more coordinated and efficient cyberdefence,” Vincent Lenders concludes.