Security Collaboration – How do you Start?
We see weekly post, pontifications, announces, and proclamations about the need for greater security collaboration. Many times, the organizations and groups who are posting these “aspirations” fail to take the collaboration to the next step. They are not sure how to break into productive security collaboration.
In the security community, “productive security collaboration” is built on Trust. The people you work with on a security incident requires trust. They are granted access to incident data which could hurt your organization, other organizations, or the integrity of the investigation. Building trusted security relationships and communications is critical to productive security collaboration.
Can we build a trusted security collaboration? Yes, there is over two decade of “Trust-Group” history. Some of the groups are public. The Conficker Working Group is one example. The vast majority of these security Trust-Groups are private and confidential. They focus on cross-industry collaboration. They work on the “industry investigations” that later lead to law enforcement investigations. We have groups like the National Cyber-Forensics and Training Alliance (NCFTA) which builds Law Enforcement Trust Groups between police all over the world … then connects those Trust-Groups to industry Trust-Groups. Add to this “Trust-Groups” build by Forum of Incident Response and Security Teams (FIRST), the Anti-Phishing Working Group (APWG), the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), and all the Information Sharing and Analysis Centers (ISACs) in the world.
Take Note! Security and law enforcement professions in “Trust-Groups” have been battling Threat-Actors launching cybercrime for decades. We always get new enthusiasm coming into the cybersecurity space. Great! We have big problems and need more people! But, do not think nothing is going on. There is a lot of security sharing, security communications, security investigations, and security action (i.e., arrest).
New Guides for Effective Security Communications
But, we need more. We need more organizations to build their own productive trust security communications. Enter the National Cyber Security Centre (NCSC). NCSC is the central information hub and cente of expertise for cybersecurity in the Netherlands. NCSC is also one of our oldest national Computer Emergency Response Teams (CERT) with a very long history of trusted security collaboration.
NCSC is an organization which is always working on security-resiliency empowerment. They continue that with guides to start your own trusted security collaboration:
- Start your own cybersecurity collaboration
- Security Cooperation
- I would like to start a collaboration
- I would like to strengthen my collaboration
- International collaboration
- National Detection Network
These guides are very valuable to any organization who is building a security trust-group to help with their incident, investigation, or any other security activity. As the NCSC points out …
In recent years many successful collaborations are created by NCSC-NL and its partners within the government and Dutch vital infrastructure. The Dutch approach to public-private cooperation is unique and is built upon three important core values: trust, shared interests and equality. We believe public-private cooperation is crucial to increase the digital resilience of society. Collaboration with other organisations is essential to take the next step in strengthening the resilience of your organisation. These lessons learned form the basis of these guides.
National Cyber Security Centre (NCSC)
What’s Next?
Thanks to NCSC for sharing their experiences with the world. Now organizations, corporations, and governments have a tool to move from the security aspirations stage to a security actions stage.
If you have questions around all of this, please feel free to contact me (see below) OR contact NCSC. The NCSC Team has a history of helping to empower others.
[This article was originally published on www.senki.org.]