Safe and privacy-friendly sharing of cyber security data

The paradox inherent in sharing information

There’s a paradox within our data-driven society. In the age of big data, it’s becoming increasingly important to analyse data from different sources. This enhances understanding and improves decision-making, for example in healthcare, the financial sector, national security, but also in order to strengthen cyber security.

At the same time, risks are increasing. The impact of data breaches or theft can be significant and may even put national security at risk. Companies and organisations are open to learning from each other, but sharing cyber security data and insights is often a step too far. Privacy, finances, or reputation are barriers to information sharing.

Techniques for sharing data securely

Secure Multi-Party Computation (MPC) is a solution. It enables both large and small organisations to use data collectively for computing as if they jointly own a database. At the same time, there’s absolute certainty that they can never see each other’s data. This enables you to link the most sensitive databases without the risk of hackers using one database to gain access to another.

We’ve developed a Proof of Concept with this technique. This makes it possible to analyse information about cyber security incidents from different organisations. And it breaks down barriers to sharing cyber security data.

Added value of MPC

In 2020, we investigated the added value of MPC for sharing cyber security information with the help of a use case. The use case involves organisations A, B, C, D, and E. All of them store information about cyber security incidents that occur in their network (e.g., ransomware or DDoS attacks).

They suspect that other organisations record similar incidents and would like to know about them when they occur. However, organisation A doesn’t want to send this information to organisations B, C, D, and E. Why not? Because it reveals too much sensitive information, such as how long it took to resolve an incident, or the extent of the financial damage.

MPC protocol for sensitive information

The sensitivity of this kind of information stands in the way of it being shared. An MPC protocol offers a solution to this in the following way:

1. Organisations answer questions about each recorded incident, for example about the attacker, the impact, and internal actions taken to resolve the incident.
2. Each organisation processes this information in a database (the input) and then adds it to the MPC protocol.
3. The data are securely combined.
4. Each participating organisation performs its own analysis of the joint data. For example, determining the percentage of incidents in which malware played a role. Sensitive information cannot be retrieved. For example, no one can find out that organisation A recorded several ransomware attacks.
5. In this way, participating organisations learn from each other while maintaining anonymity. A truly ‘shared’ database is the result.

Collaborating

MPC is not a total solution. Organisations often need help to collect data in a structured way. This is an important condition for the successful operation of an MPC protocol. Participating organisations also have to agree in advance which questions they want answered. With these prerequisites in place, MPC is a technical solution for breaking down barriers to information sharing.

Would you like to know how MPC can strengthen cyber security in your organisation? Please feel free to contact us.