Thinking like the «bad guys» for a secure cyberspace

As Scientific Project Manager at armasuisse Science and Technology (S+T), Dr. Alain Mermoud is responsible for Technology Monitoring and Forecasting. Together with Dr. Mathias Humbert, responsible for Privacy and Machine Learning at armasuisse S+T, he is organising the Cyber-Defence Campus Conference from November 3 – 4 in Lausanne.

Is it common practice in the cyber world to align yourself to the «bad guys» processes?

Of course, the police does the same. A good policeman also thinks: «What would the thief do?» Or if you want to make your house safe from burglars, you also have to consider whether they will come in through the window, or through the roof, etc. In addition to my job at armasuisse, I’m also active as an intelligence officer in the Swiss armed forces. The principle is exactly the same there – you have to think like «red» in order to decide what you can do best as «blue». As a defender, it definitely helps to think like an attacker.

So the best cyber specialists are former hackers?

One can say that many cyber-security specialists come from a hacking background. This doesn’t mean that they have a criminal past, as there is such a thing as ethical hacking. The decisive factor is how the knowledge and motivation are used. That’s the difference between «white hat» hackers – the «good guys» and «black hat» hackers, the «bad guys», if you like.

You talk about threat intelligence and open source platforms. Can you explain more about these?

There are various platforms – such as MISP or Open Threat Exchange – on which ethical hackers, as well as companies, can exchange information on potential dangers. One example is MELANI-NET, on which an exchange of information on critical infrastructures, such as hospitals, the SBB or banks, takes place every day.

Source and full article : armasuisse S+T

EPFL EVENT 3.11.20: Cyber Threat & Technology Intelligence @EPFL SwissTech Center


Due to the Coronavirus pandemic, we switched to a hybrid mode, meaning that participants will also have the option to attend the conferences online at

Criminal hackers have a long history of sharing experiences, tools, and vulnerabilities; this has contributed to the success of major cyberattacks. The goal of this conference is to explore various measures to make cooperation, information sharing and collective intelligence also effective on the defender side.

As early as twenty years ago, the first Information Sharing and Analysis Centers (ISACs) were established as a central resource for sharing information on cyber threats to critical infrastructure. In the same vein, threat intelligence platforms help organizations aggregate, correlate, and analyze threat data from multiple sources in (almost) real-time to support defensive actions. Open source solutions have also been proposed as a counterweight to «black-hat» hackers successfully working together, for instance the Malware Information Sharing Platform (MISP) or the Open Threat Exchange (OTX), a crowd-sourced computer-security platform.

The Cyber Threat Intelligence (CTI) discipline, based on intelligence techniques and methods, aims to collect and filter all relevant information from the cyberspace, in order to draw up portraits of attackers, threats or technological trends (sectors of activity affected, methods used, etc.). CTI sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence or intelligence from the deep and dark web. Thus, the tools used by large Security Operations Centers (SOCs), produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.

All in all, this profiling enables early detection of cyberattacks and better anticipation of cyber-risks. However, a proper threat intelligence approach should be complemented by technology intelligence, an activity that enables organizations to monitor and forecast the technological opportunities and threats that could affect the future growth and survival of their business. As emphasized by the National strategy for the protection of Switzerland against cyber risks (NCS, 2018-2022), an early identification of technological trends constitutes an important aspect for developing the Swiss cyber-defence. In that respect, the armasuisse CYD Campus cordially invites all stakeholders to bridge the gaps between academia, the industry, and governmental organizations working in the field of cyber-defence.

Registration Chair: Monia Khelifi

Program Chair: Dr. Alain Mermoud

Conference Fee: CHF 100.- one day, CHF 200.- both days, free of charge for students and government employees

Please note your will have to wear a mask except if you eat at a table (more information in the attached security concept).

More information and subscription: Armasuisse CYD Campus

Conférence sur la veille technologique et scientifique du 1er octobre 2020 à l’EPFL

Swissintell Event EPFL

Notre dernier événement consacré à la veille technologique dans les locaux du Cyber-Defence Campus à l’Innovation Park de l’EPFL fut un succès en cette période si particulière. Les mesures de l’OFSP et les mesures cantonales de lutte contre le coronavirus ayant été respectées, nous avons pu discuter des défis de la veille technologique appliquée aux domaines militaires et cyber.

La soirée a commencé par une introduction et une présentation du Cyber-Defence Campus par notre Président, le Dr. Alain Mermoud. Ensuite, il nous a proposé une démonstration de l’outil de veille technologique TMM (Technology & Market Monitoring) développé par armasuisse S+T.

Ensuite, Kilian Cuche a présenté les résultats de sa thèse de master consacrée à l’analyse des besoins en veille technologique des parties prenantes de la cyberdéfense fédérale. Un aperçu de sa présentation est disponible dans l’espace réservé aux membres de Swissintell.

Swissintell Event EPFL

Pour continuer, le Dr. Dimitri Percia David, nous a donné un aperçu de ses futurs travaux de recherche dans le cadre de son post-doc en collaboration avec l’UNIGE. Ses travaux se concentreront sur la détection de tendance technologique en scientifisant la courbe de Gartner ainsi que sur un algorithme de Ranking des technologies basé sur des méthodes d’intelligence artificielle.

Swissintell Event EPFL

Pour terminer, le Dr. Quentin Ladetto nous a présenté son programme de prospective technologique DEFTECH ainsi que ses différentes expérimentations d’utilisation de wargaming afin de prévoir des scénarios futuristes pour les forces armées. Les slides sont disponibles sur demande auprès de l’orateur.

Swissintell Event EPFL

La soirée s’est terminée de façon conviviale par des échanges et du réseautage autour d’un verre.