Safe and privacy-friendly sharing of cyber security data
Organisations are reluctant to share information on cyber security. But sharing such data also provides opportunities to improve cyber security. We’re therefore developing new methods and techniques to shield data effectively, while at the same time enabling a secure exchange of information. Find out how this works.
The paradox inherent in sharing information
There’s a paradox within our data-driven society. In the age of big data, it’s becoming increasingly important to analyse data from different sources. This enhances understanding and improves decision-making, for example in healthcare, the financial sector, national security, but also in order to strengthen cyber security.
At the same time, risks are increasing. The impact of data breaches or theft can be significant and may even put national security at risk. Companies and organisations are open to learning from each other, but sharing cyber security data and insights is often a step too far. Privacy, finances, or reputation are barriers to information sharing.
Techniques for sharing data securely
Secure Multi-Party Computation (MPC) is a solution. It enables both large and small organisations to use data collectively for computing as if they jointly own a database. At the same time, there’s absolute certainty that they can never see each other’s data. This enables you to link the most sensitive databases without the risk of hackers using one database to gain access to another.
We’ve developed a Proof of Concept with this technique. This makes it possible to analyse information about cyber security incidents from different organisations. And it breaks down barriers to sharing cyber security data.
Added value of MPC
In 2020, we investigated the added value of MPC for sharing cyber security information with the help of a use case. The use case involves organisations A, B, C, D, and E. All of them store information about cyber security incidents that occur in their network (e.g., ransomware or DDoS attacks).
They suspect that other organisations record similar incidents and would like to know about them when they occur. However, organisation A doesn’t want to send this information to organisations B, C, D, and E. Why not? Because it reveals too much sensitive information, such as how long it took to resolve an incident, or the extent of the financial damage.
MPC protocol for sensitive information
The sensitivity of this kind of information stands in the way of it being shared. An MPC protocol offers a solution to this in the following way:
- Organisations answer questions about each recorded incident, for example about the attacker, the impact, and internal actions taken to resolve the incident.
- Each organisation processes this information in a database (the input) and then adds it to the MPC protocol.
- The data are securely combined.
- Each participating organisation performs its own analysis of the joint data. For example, determining the percentage of incidents in which malware played a role. Sensitive information cannot be retrieved. For example, no one can find out that organisation A recorded several ransomware attacks.
- In this way, participating organisations learn from each other while maintaining anonymity. A truly ‘shared’ database is the result.
MPC is not a total solution. Organisations often need help to collect data in a structured way. This is an important condition for the successful operation of an MPC protocol. Participating organisations also have to agree in advance which questions they want answered. With these prerequisites in place, MPC is a technical solution for breaking down barriers to information sharing.
Would you like to know how MPC can strengthen cyber security in your organisation? Please feel free to contact us.
Freek BomhofFunctie:Senior Consultant
Freek Bomhof is senior consultant in the Data Science group, focusing on applications of responsible AI, mostly for the Safety & Security sector. He is one of the driving forces behind the National Innovation Center for Privacy Enhancing Technologies, and he is also board member of the Big Data Value Association.
Looking for another expert?View all experts
Cyber risks and chain effects
TNO strengthens processes and supply chains, thus helping to boost the resilience of the Netherlands against cyber threats. Reduce cyber risks with the help of our white paper.
National cyber resilience
People are at the root of both the solution and the cause of cyber security problems. This, therefore, is decisive in our approach to cyber resilience.