The panel, consisting of Miguel De Bruycker (Managing Director General at the Centre for Cybersecurity Belgium), Bart Asnot (National Security Officer at Microsoft Belgium), Ilias Chantzos (Global Privacy Officer and Head of EMEA Government Affairs at Broadcom Inc.), Alex Vandurme (Head of NATO Cyber Security Centre Cyber Hygiene Branch) and Bart Preneel (Professor in KU Leuven’s COSIC research group), was moderated by Sujin Chan Allen (General Counsel at NATO’s NCI Agency).
In a world where a cyberattack occurs every 39 seconds, threat intelligence sharing has never been more urgent. At its core, threat intelligence revolves around one critical question: how can we ensure optimal sharing of cyber threat information and data between all involved stakeholders? “This has been an issue for more than 25 years,” explained Ilias Chantzos, underscoring not only the importance of this process for the industry, but also its role as a driver of progress. “We must share intelligence as effectively as possible, because the ‘dark side’ is continually doing so – and advancing because of it,” added Bart Preneel.
“Trust and transparency are fundamental: people need to know you and understand what you do. That’s why, in a sector that operates primarily online, in-person connections – for example, through networking events and gatherings – are more important than ever,” continued Miguel De Bruycker. However, he added that in the realm of threat intelligence sharing, you must accept that those providing information will never disclose everything they know.
Bart Asnot agreed: “The human element is fundamental. We need to learn to understand each other’s language, and together determine how to navigate the existing context and regulations.”
Regulation and complexity go hand in hand
As the panellists pointed out, while regulations are crucial for setting standards, they also add complexity, especially for smaller businesses. So, how can the right balance be achieved? “One could argue that every new regulation or legislation, whether it’s the GDPR or NIS2, is an attempt to formalise the process of information sharing,” Ilias Chantzos pointed out. “The result is that the organisation’s legal team is now often putting the brakes on information sharing, while technical teams like engineers are eager to share more.”
The downside of increasingly strict laws and initiatives around information-sharing requirements is slower progress in cyber security. “For a small-business-focused country like Belgium, compliance with these laws is an even greater challenge,” noted Bart Asnot. “Moreover, increased obligations undermine a core advantage of the digital world – the ease of cross-border collaboration – often without fully revealing one’s identity. So is it desirable or feasible to completely reverse this logic?” Bart Preneel responded.
The greater good
This tension resonated with the other panellists. “In my experience, sometimes you simply have to dare to share data, even if not required by regulations. It’s a matter of give and take, where we must always keep the greater good in mind. Ultimately, it’s about risk management,” Alex Vandurme added, highlighting the growing complexity surrounding information sharing. “Technological innovations, including those from academia, can be a great help here. “Take encryption, for example—it ensures confidentiality while enabling information sharing without exposing critical data, thanks to advanced encrypted computing techniques,” Bart Preneel chimed in.
A further complication is Europe’s position as the strictest regulator – a well-known reality that clearly affects businesses. “In this whole debate, it’s crucial to keep the true purpose of these actions at the forefront. We can encrypt and secure data all we want, but the real question is what we ultimately aim to do with it,” concluded Ilias Chantzos.