Understanding International Grand Challenges in Cyber Security

Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals.

This course is about understanding international grand challenges in cyber security, i.e. complex challenges for network security engineers, analysts, law enforcement agencies but also policy makers to proactively combat rapidly changing cyber threats. Among others, the course discusses to what extent efforts of different players can address and/or contribute to cyber security challenges, but also points to the issues of international coordination and cooperation to deal with these challenges.

Workshop program

Date: 26 October 2016, 8:45-12:30

Location: Jaffalaan 5, Rooms H-I-J

Detailed Program:

8:45 General introduction

Maciej Korczynski, Delft University of Technology

8:50 Challenges for Law Enforcement Agencies in the Digital Era

Speaker: Luuc van der Horst, The Dutch National High Tech Crime Unit (NHTCU)

Abstract: The advent of the internet has had huge impact on criminal behaviour. The possibilities of cyberspace empowered criminals in their existent (cross-border) activities and have lead to cybercrime: offences in which end-users and digital infrastructure are targets in itself. Meanwhile, law enforcement agencies (LEA) struggle to keep in pace with these developments within the limitations of the current legal framework.

This presentation briefly sketches the cybercrime landscape from a LEA perspectives and focuses on the technical, legal and procedural challenges LEAs face in combatting cybercrime. Additionally, the presentation will explore current and future solutions to these challenges.

9:20 Clean Netherlands: Tackling Internet Pollution Using Science and Law Enforcement

Speaker: Maciej Korczynski, Delft University of Technology

Abstract: In this presentation, we describe a collaboration between Delft University of Technology, the Dutch National Police, the Authority for Consumers and Markets and the Public Prosecutor. This collaboration aims to enable law enforcement to engage with hosting providers and determine which factors influence Internet abuse in the Dutch hosting provider market, based on robust metrics. As such, this project intertwines large data sets on Internet abuse with robust metrics and the criminological concepts of problem-oriented policing and positive criminology. We present an approach to develop reputation metrics for the security of hosting providers. Next, we present how several law enforcement agencies use the proposed metrics to engage the hosting provider community.

9:50 The Rise of DDoS attacks: why, how, and what we can do about it

Speaker: Giovane Moura, Stichting Internet Domeinregistratie Nederland (SIDN)

Abstract: We have seen over the last year a continuous increase on the frequency and size of distributed denial-of-service (DDoS) attacks use for various goals, ranging from extortion of the victims, censorship, diversion from other attacks, and state sponsored events. Big DDoS now are available for rent on the Internet for less than 10 USD.

In this talk, we will cover the incentives, business models, and what we can expect and do about this emerging threat.

10:20 DarkWeb: A Dark Grand Challenge?

Speaker: Rolf van Wegberg, TNO and Delft University of Technology

Abstract: The dark side of the internet can be easily accessed, and it is getting more and more popular amongst (cyber)criminals to deploy criminal activities. Ranging from drugs- and weapon trade to cybercrime-as-a-service, the Dark Web is the new anonymous, place-to-be for an increasingly large group of criminals. This talk covers concrete examples of (novel) criminal activities as well as the criminal business models supported by the Dark Web. Trends and patterns in Dark Web-facilitated crime are identified using big data approaches and new insights on emerging 'threats' are presented. Finally the question arises: how grand a challenge are we talking about?

10:50 Break

11:00 - 12:30 Exploring the nature of international grand challenges in cyber security

11:00 Mobile Payment and Banking Hacks (speaker: Marijne Kramer)

11:05 Whistle Blowing (speaker: Ludo van den Buijs)

11:10 Ransomware (speaker: Bastiaan Manintveld)

11:15 NFC Hacking/Skimming (speaker: Ashwin Rajgopal)

11:20 People, the Weakest Link? (speaker: Tony Reijm)

11:25 Conflict Between Consumer Privacy and Cyber Security (speaker: Erin Bartholomew)

11:30 Data Privacy Versus National Security (speaker: Daniel Borsje)

11:35 End-to-end Encryption (speaker: Dirk Wolffenbuttel)

11:40 Smart Homes (speaker: Ellen Mok)

Students are requested to form groups of 4-5. Each group should prepare a short presentation (5 minutes) about one challenge in cyber security. You should briefly explore the nature of the selected challenge and try to address at least a subset of questions that you explored during the 'market' session (September 7), such as: "What is the problem?", "How urgent is a solution for the problem?", "Who is responsible for solving?", etc. You may explore any challenge related to security and privacy, examples could be: privacy in health data, location data, communications; cyber threats such as phishing, malware, spam, ransomware, identity theft; security of critical infrastructures, e-commerce; whistle blowing, data breaches, hacktivism, etc. You may choose any other subject.

Please send the chosen subject, title, presenter's name, and list of group members at latest 2 days in advance to the course (24 October) to maciej.korczynski{at}tudelft.nl

If you have any further questions related to the lectures or your presentations please send me an email.