Thinking like the «bad guys» for a secure cyberspace

As Scientific Project Manager at armasuisse Science and Technology (S+T), Dr. Alain Mermoud is responsible for Technology Monitoring and Forecasting. Together with Dr. Mathias Humbert, responsible for Privacy and Machine Learning at armasuisse S+T, he is organising the Cyber-Defence Campus Conference on November 3 and 4 in Lausanne.

The Cyber-Defence Campus Conference will take place on November 3 and 4 at EPFL, both on site and online. The goal of the conference is to exchange ideas for a secure cyberspace. Dr. Alain Mermoud, Scientific Project Manager at armasuisse S+T, will talk about, among other topics, «Cyber Threat Intelligence» and how this helps to anticipate cyber-risks early on.

Mr. Mermoud, what was the motivation for creating the Cyber-Defence Campus conferences?

The conferences bring different worlds together. The goal of these conferences is to bring people from academia together with people from industry and the federal administration. In the national strategy for protecting Switzerland against cyber risks, the CYD Campus thus fulfils its mission to bring together experts from the DDPS, the security-relevant industry, start-ups, universities and international partners. At the same time, the conferences give us the opportunity to show the cooperation between armasuisse and its partners, and enable the participants to exchange the results of research.

How do these conferences contribute to the cyber-security of Switzerland?

The largest contribution is definitely bringing research – which is mainly theoretical – into industry and the federal administration. Without this exchange, people in research are unaware of the problems prevalent in industry. On the other hand, people from industry need research to drive innovation. The conferences offer a platform to bring people from different parties together in order to transfer the results of research to real products.

The conferences also bring a certain awareness of cyber and security topics. We are all heavily dependent on IT, be it in business or in everyday life.

The next conference revolves around the topics of «Cyber Threat & Technology Intelligence» and «Privacy-Enhancing Technologies». Why these topics in particular?

For one thing, Dr. Mathias Humbert, my team colleague at the Cyber-Defence Campus, and I are intensively engaged in these topics at the Cyber-Defence Campus, and for another, the two topics fit together very well. On the first day, we will talk about intelligence-related issues. Basically, you have to collect an enormous amount of data in order to be able to analyse it. For research issues on cyber security, data is like what petrol is for an engine – without it nothing works. On the second day, we will be discussing how we can protect the privacy of citizens. Hence, the two days will allow us to explore this trade-off.

You are responsible for Day 1, which revolves around the subject of «Cyber Threat & Technology Intelligence». You already mentioned that this concerns intelligence-related issues. Can you be more specific?

In short, it’s about creating a radar for future threats. For this purpose, we collect data and information from various sources, such as open data platforms, social media, etc. and evaluate it. This then enables us to create portraits of hackers, threats and technological trends. We can thus identify early on which threats we could be facing in the future. This gives us the chance to prepare for them better.

The attackers, in other words criminal hackers, also known as «black hats», do it the same way – they exchange information, experience, tips and tricks. The idea of cyber threat intelligence is actually to do the same thing on the «good» side. In contrast to criminally motivated hackers, we naturally have various rules and laws, which we must comply with, but the basic idea is the same.

Is it common practice in the cyber world to align yourself to the «bad guys'» processes?

Of course, the police do the same. A good policeman also thinks: «What would the thief do?» Or if you want to make your house safe from burglars, you also have to consider whether they will come in through the window, or through the roof, etc. In addition to my job at armasuisse, I’m also active as an intelligence officer in the Swiss armed forces. The principle is exactly the same there – you have to think like «red» in order to decide what you can do best as «blue». As a defender, it definitely helps to think like an attacker.

So the best cyber specialists are former hackers?

One can say that many cyber-security specialists come from a hacking background. This doesn’t mean that they have a criminal past, as there is such a thing as ethical hacking. The decisive factor is how the knowledge and motivation are used. That’s the difference between «white hat» hackers, the «good guys», and «black hat» hackers, the «bad guys», if you like.

You talk about threat intelligence and open source platforms. Can you explain more about these?

There are various platforms - such as MISP or Open Threat Exchange - on which ethical hackers, as well as companies, can exchange information on potential dangers. One example is MELANI-NET, on which an exchange of information on critical infrastructures, such as hospitals, the SBB or banks, takes place every day.

Is there a speaker who you are really looking forward to hearing?

Our first CYD Fellow post-doctoral researcher, Dr. Dimitri Percia David, will present the first results of his research together with his supervisor Dr. Thomas Maillart from the University of Geneva. They will be looking at the future of threat intelligence and technology forecasting for cyber-defence. I am very much looking forward to it.

Are there already plans for next year?

Yes, we will hold a conference at the end of September at EPFL on the topic of critical infrastructure protection. We will hold this conference in conjunction with the scientific conference CRITIS 2021, which takes place in a different country every year. Another conference is planned in spring, if the Coronavirus pandemic allows.

