Bruno Kerouanton, CISO of the Republic and Canton of Jura, Switzerland

Bruno, you're CISO of the Republic and Canton of Jura in Switzerland. Could you tell us a bit about your job and what a typical day involves?

Sure. As Chief Security Officer for cybersecurity I’m involved in ensuring security of the state. That means we have mostly 100 locations and 400 applications, for example schools, healthcare industry, roads, taxes, police and so on. So the perimeter I have to secure is quite broad. The problem we have is that I have to check all the risks involving this perimeter and also understand the needs of the business, because every business has different needs. So we have to match guidelines also from the Swiss Confederation, and ISO 27001 standards, to define policies and roles. So that’s my main job and that takes a lot of time because we have to be compliant.You also work with the Swiss National Security Network. What does that involve?

The Swiss National Security Network is aiming for coordination between Swiss cantons and the federal services, in case of attacks for example. It’s not related to the war state, it’s just during peace time, but we’re trying to coordinate all the cyberattacks and cyberdefence, to understand how to better improve our responsiveness for that.

How do you find the coordination aspect? Is it very challenging?

It’s very challenging because we have a mixed environment involving private companies, like for example energy providers, and also public companies, transportation and so on. And the coordination has to be made for global response, so that’s interesting.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

For my part, my challenge is to try to learn German! Because all the talks are in German.

Last point as well: we have yearly exercises, and simulations of attacks, and so on. So that’s important. Last autumn we had some exercises with simulation of cyberattacks on the power plants, linked to a big flu epidemic, so that was very complex. It also involved hospitals and… well, everybody. It was complex.

There's been a lot of discussion at DFRWS about law enforcement working together with academics and corporate to combat cybercrime. Do you think this is important, and if so, how do you think we can encourage it?

Yes it’s very important to have academic research in this area, because cybercriminals are always improving their methods, and most governments don’t have time to investigate new ways of fighting cybercrime and conducting investigations. We also have new technologies coming, like smart TVs and everything, that improves month after month. The issue we have is starting to be able to understand those new technologies. So definitely, if research is going further, that’s important for us.

As well as all of your other jobs, you lecture in IT security. What are some of the most common misconceptions you see from new students?

Most of the time IT security is not very well-known, because they mostly just focus on the high-level parts, and you have to think about global issues. For example most people I teach are developers, so they don’t think about all the political issues that we have when we do our policies. And that’s important, we have to take that into account. Security must be safe, must be good, strong, but we cannot prevent a user from working. So we have to make some decisions like that, and that’s the most important misconception about this.

The second one is to be able to understand all the implications in terms of low-level. For example when you think about e-voting, that’s a concept, a mathematical concept, you can just decline that using software, but you have to think about using all the low-level implications, that you could fake the hardware, for example. And most students also don’t know this, because they were not taught about that.

Do you think that teaching of IT in schools is in need of improvement?

The problem is that there are two levels; you have to teach IT for everybody, every citizen, but that’s not very simple. And then when you focus on IT students, I guess there’s a lack of teaching in some specific fields, like understanding exactly how a computer is working, for example. That’s important in terms of digital forensics. Because forensics is low-level most of the time. So if you don’t understand how the system is working – the inner workings – that’s bad, because you can just miss understanding how the problem is set up.

In your opinion, what is the “next big thing” in digital forensics?

I guess it will be big data. I don’t like the term, I hate the term in fact. It’s all marketing, you know. But big data for me is important, because now we are able to use statistics and predictive analyses, which is very useful also in terms of forensics. For example, now if we want to have a case and to seize hard drives, the problem is that it could be virtual systems using maybe tens of thousands of hard drives, so it’s just impossible to copy them. The only way to check that is using big data and statistical methods. So yes, that’s the next step, I guess. But personally, I don’t like that.

Finally, you're part of the Club des Vigilants. Could you tell us a bit about this?

Sure. That’s not IT-related, that’s a French think tank. We are discussing global things about how to enhance society for the benefit of everybody.

Bruno Kerouanton is CISO of the Republic and Canton of Jura in Switzerland, directing the IT security strategy and operations for the region. He is also an Honorary Consul of France, a teacher of IT security and a volunteer fireman. Bruno is also part of the Club des Vigilants, a French think tank about global security.

Forensic Focus interviewed Bruno at DFRWS, the annual Digital Forensics Research Workshop, which took place in Dublin from the 23rd-26th of March. The next workshops will be held in Philadelphia in August 2015, and Switzerland in March 2016. You can find out more and register here.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...