Jeroen van der Ham is associate professor of Cyber Security Incident Response in the Design and Analysis of Communication Systems (DACS) group at the University of Twente. Jeroen combines this with his work at the National Cyber Security Centre in The Netherlands (NCSC-NL).
At NCSC-NL he focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession.
At the University of Twente he focuses on incident response, ethics of incident response and internet security research, denial of service attacks, and anonimization in network measurements.
Incident Response is a fundamental part of cybersecurity. Now that digitalisation has permeated almost every part of society, incident response has become a vital aspect of cybersecurity.
Incident response must grow from a trade to a profession. Incident Response started in earnest with the Morris worm and the formation of CERT/CC. However, Incident Response has always been a trade that has been learned mostly from lore, rather than grounded theory.
A profession requires theoretical frameworks and academic grounding.
Some questions that I'm focusing on:
PhD in System and Network Engineering, 2010
University of Amsterdam
MSc in System and Network Engineering, 2004
University of Amsterdam
MSc in Cognitive Artificial Intelligence, 2002
Besides my current position (since 2015) as security researcher at the National Cyber Security Centre, I have (held) the following academic positions (in reverse chronological order)
In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a white-hat hacker who finds a vulnerability in an IT-system reports that vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-hat hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice that could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
Many networking research activities are dependent on the availability of network captures. Even outside academic research, there is a need for sharing network captures to cooperate on threat assessments or for debugging. However, most network captures cannot be shared due to privacy concerns. Anonymisation of network captures has been a subject of research for quite some time, and many different techniques exist. In this article, we present an overview of the currently available techniques and implementations for network capture anonymisation. There have been many advances in the understanding of anonymisation and cryptographic methods, which have changed the perspective on the effectiveness of many anonymisation techniques. However, these advances, combined with the increase of computational abilities, may have also made it feasible to perform anonymisation in real time. This may make it easier to collect and distribute network captures both for research and for other applications. This article surveys the literature over the period of 1998–2017 on network traffic anonymisation techniques and implementations. The aim is to provide an overview of the current state of the art and to highlight how advances in related fields have shed new light on anonymisation and pseudonimisation methodologies. The few currently maintained implementations are also reviewed. Last, we identify future research directions to enable easier sharing of network traffic, which in turn can enable new insights in network traffic analysis.
This paper examines the impact of this development for Internet measurements and analyses previous cases where Internet measurements have touched upon ethical issues. The paper proposes an early framework to help researchers identify stakeholders and how a network study may impact them. In addition to this, the paper provides advice on creating measurement practices that incorporate ethics by design, and also considers the role of third-party data suppliers in ethical measurement practices.