Jeroen van der Ham is a tenured associate professor of Cyber Security Incident Response in the Design and Analysis of Communication Systems (DACS) group at the University of Twente.
He focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession, incident response, ethics of incident response and internet security research, denial of service attacks, and anonimization in network measurements.
Incident Response is a fundamental part of cybersecurity. Now that digitalisation has permeated almost every part of society, incident response has become a vital aspect of cybersecurity.
Incident response must grow from a trade to a profession. Incident Response started in earnest with the Morris worm and the formation of CERT/CC. However, Incident Response has always been a trade that has been learned mostly from lore, rather than grounded theory.
A profession requires theoretical frameworks and academic grounding.
Some questions that I'm focusing on:
PhD in System and Network Engineering, 2010
University of Amsterdam
MSc in System and Network Engineering, 2004
University of Amsterdam
MSc in Cognitive Artificial Intelligence, 2002
This chapter examines current research on cybersecurity ethics. It frames this around three different approaches to the subject. The first (‘bottom up’) considers ethical issues arising in different case studies and developing groupings of these issues, such as those relating to privacy, those to security, etc. The second approach (‘pragmatist’) considers ethical approaches currently used in cybersecurity practice, focusing on the confidentiali ty, integrity, availability (CIA) triad. The third approach (‘top down’) takes its starting point as broader ethical theories, which are then applied to cybersecurity. The authors present a novel top-down approach, defining security as the inverse of risk and then drawing on recent literature on the ethics of risk. The chapter concludes with a review of the strengths and weaknesses of each approach.
In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and patching them. In this practice, a white-hat hacker who finds a vulnerability in an IT-system reports that vulnerability to the system’s owner. The owner will then resolve the problem, after which the vulnerability will be disclosed publicly. This practice generally does not focus on potential offenders or black-hat hackers who would likely exploit the vulnerability instead of reporting it. In this paper, we take an interdisciplinary approach and review the current coordinated vulnerability disclosure practice from both a computer science and criminological perspective. We discuss current issues in this practice that could influence the decision to use coordinated vulnerability disclosure versus exploiting a vulnerability. Based on different motives, a rational choice or cost–benefit analyses of the possible reactions after finding a vulnerability will be discussed. Subsequently, implications for practice and future research suggestions are included.
Many networking research activities are dependent on the availability of network captures. Even outside academic research, there is a need for sharing network captures to cooperate on threat assessments or for debugging. However, most network captures cannot be shared due to privacy concerns. Anonymisation of network captures has been a subject of research for quite some time, and many different techniques exist. In this article, we present an overview of the currently available techniques and implementations for network capture anonymisation. There have been many advances in the understanding of anonymisation and cryptographic methods, which have changed the perspective on the effectiveness of many anonymisation techniques. However, these advances, combined with the increase of computational abilities, may have also made it feasible to perform anonymisation in real time. This may make it easier to collect and distribute network captures both for research and for other applications. This article surveys the literature over the period of 1998–2017 on network traffic anonymisation techniques and implementations. The aim is to provide an overview of the current state of the art and to highlight how advances in related fields have shed new light on anonymisation and pseudonimisation methodologies. The few currently maintained implementations are also reviewed. Last, we identify future research directions to enable easier sharing of network traffic, which in turn can enable new insights in network traffic analysis.
This paper examines the impact of this development for Internet measurements and analyses previous cases where Internet measurements have touched upon ethical issues. The paper proposes an early framework to help researchers identify stakeholders and how a network study may impact them. In addition to this, the paper provides advice on creating measurement practices that incorporate ethics by design, and also considers the role of third-party data suppliers in ethical measurement practices.
Besides my current position (since 2015) as security researcher at the National Cyber Security Centre, I have (held) the following academic positions (in reverse chronological order)