Security Collaboration – How do you Start?

(Last Updated On: December 20, 2018)

We see weekly posts, pontifications, announcements, and proclamations about the need for greater security collaboration. Many times, the organizations and groups posting these “aspirations” fail to take the collaboration to the next step. They are not sure how to break into productive security collaboration.

In the security community, “productive security collaboration” is built on trust. Working with people on a security incident requires trust. They are granted access to incident data which could hurt your organization, other organizations, or the integrity of the investigation. Building trusted security relationships and communications is critical to productive security collaboration.

Can we build a trusted security collaboration? Yes, there are over two decades of “Trust-Group” history. Some of the groups are public. The Conficker Working Group is one example. The vast majority of these security Trust-Groups are private and confidential. They focus on cross-industry collaboration. They work on the “industry investigations” that later lead to law enforcement investigations. We have groups like the National Cyber-Forensics and Training Alliance (NCFTA), which builds Law Enforcement Trust-Groups between police all over the world … then connects those Trust-Groups to industry Trust-Groups. Add to this the “Trust-Groups” built by the Forum of Incident Response and Security Teams (FIRST), the Anti-Phishing Working Group (APWG), the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), and all the Information Sharing and Analysis Centers (ISACs) in the world.

Take Note! Security and law enforcement professionals in “Trust-Groups” have been battling Threat-Actors launching cybercrime for decades. We always get new enthusiasm coming into the cybersecurity space. Great! We have big problems and need more people! But do not think nothing is going on. There is a lot of security sharing, security communications, security investigations, and security action (i.e., arrests).

New Guides for Effective Security Communications

But we need more. We need more organizations to build their own productive, trusted security communications. Enter the National Cyber Security Centre (NCSC). NCSC is the central information hub and center of expertise for cybersecurity in the Netherlands. NCSC is also one of our oldest national Computer Emergency Response Teams (CERTs), with a very long history of trusted security collaboration.

NCSC is an organization which is always working on security-resiliency empowerment. They continue that with guides to start your own trusted security collaboration:

These guides are very valuable to any organization that is building a security trust-group to help with its incidents, investigations, or any other security activity. As the NCSC points out …

In recent years many successful collaborations are created by NCSC-NL and its partners within the government and Dutch vital infrastructure. The Dutch approach to public-private cooperation is unique and is built upon three important core values: trust, shared interests and equality. We believe public-private cooperation is crucial to increase the digital resilience of society. Collaboration with other organisations is essential to take the next step in strengthening the resilience of your organisation. These lessons learned form the basis of these guides.

National Cyber Security Centre (NCSC)

What’s Next?

Thanks to NCSC for sharing their experiences with the world. Now organizations, corporations, and governments have a tool to move from the security aspirations stage to a security actions stage.

If you have questions around all of this, please feel free to contact me (see below) OR contact NCSC. The NCSC Team has a history of helping to empower others.

Need Security Advice?

If you find your organization needs help and you worry about the FUD from the industry, reach out and ask for help. You can reach me at bgreene@senki.org. Help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit. It is the no-nonsense security guide for all Operators. It provides details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.