December 04, 2015

Opinion: Cybersecurity collaboration needs a toolkit. So we built a prototype

Financial sector institutions from the US and Britain tested their cybersecurity cooperation last month in a joint exercise dubbed Operation Resilient Shield. The table-top exercise focused on transatlantic collaboration in areas including information sharing, incident response, and public communications across a variety of government agencies and financial sector institutions.

The exercise represents a positive step forward in our approaches to cybersecurity. But this level of partnership will need to become routine if we hope to mitigate our myriad cybersecurity vulnerabilities.

As a maturing and multidisciplinary field, cybersecurity includes specializations within a wide variety of domains. However, there is a clear disconnect between the specialist capabilities within government agencies and businesses and our collective ability to arrange those capabilities to improve overall cybersecurity. In a field that values specialization, there are few market incentives to drive collaboration. Yet the ubiquity of information technology, and therefore cyber-insecurity, demands that we develop holistic solutions, necessitating collaboration at scale.

This is the impetus behind the Center for a New American Security’s NextWare Sessions project, which examined how both public and private sector organizations might think about collaborating for improved cybersecurity. Rather than draft a report simply stating that collaboration is important, we decided to create a prototype web-based toolkit that provides cybersecurity experts with methods to jump-start more comprehensive and multidisciplinary cooperation.

The NextWare Cybersecurity Collaboration Toolkit helps users understand the broad landscape of cyberthreats and encourages them to take a deeper look at the relationships within and between their organization and wider networks, their interests and values, and potential attackers’ incentives and motivations.

Analyzing the cyberthreat landscape through this lens not only encourages common understanding among the various groups involved in implementing cybersecurity solutions, but also provides these same groups with a clearer picture of where vulnerabilities and opportunities for partnerships exist. For example, advance coordination between technical and legal teams could identify possible vulnerabilities to new cyberthreats resulting from partnerships with third parties and mitigate the threat before attacks become a problem. Establishing this type of communication and collaboration works to address the disconnect between available specialist capabilities and the narrow selection of solutions that are applied in practice.

While this might appear to be a common sense solution to an obvious problem, cybersecurity collaboration is far from common practice. The purpose of the methods presented in the Toolkit is to provide an easy set of steps through which action that is deemed to be common sense can be pragmatically implemented as common practice, at scale. The Toolkit itself, as a prototype, is intended to spark demand for more robust collaboration tools and methods.

Exploring and adopting collaborative cybersecurity methods is important even to organizations already allocating significant resources to sophisticated cybersecurity strategies. Financial institutions, for example, continue to suffer extensive damage from cyberattacks in spite of employing advanced technical means to improve their defensive and forensic capabilities.

Their weakness lies in the lack of coordination between these technical capabilities and the political or legal means necessary to hold attackers accountable. This was clearly the case when US banks had no recourse against Iran in the wake of the 2011-12 distributed denial of service attacks in spite of knowing where the attacks originated. This issue is a symptom of insufficient integration between cybersecurity specializations.

While it is clear that collaboration can help address these types of issues, the lack of obvious integration points between cybersecurity specializations and few market incentives for collaboration perpetuate the status quo. The result is a security environment dominated by technical capabilities that can only provide limited, short-term solutions. 

The 2014 Sony Pictures Entertainment hack also provides a clear example of how poor implementation of cybersecurity capabilities can exacerbate the impacts of a cyberattack.

Having reached out to experts at McLarty Associates and Rand Corporation months before the hack, Sony Pictures leadership and filmmakers Seth Rogen and Evan Goldberg were aware North Korea might respond to "The Interview" with a cyberattack. When the attack happened, it was clear that Sony had not taken advantage of this forewarning.

Their haphazard response indicated that Sony had neither implemented additional cybersecurity measures nor considered the breadth of consequences that such an attack could cause. Sony’s lack of preparation, narrow point of view, and therefore ill-advised responses to a state-based cyberattack ultimately provoked President Obama to say on national television, “I wish they had spoken to me first.”

In short, given the complexity of the cyberthreat and the response and mitigation efforts it required, the team and capabilities Sony needed to bring to bear would have been incredibly difficult to assemble and prohibitively expensive to maintain.

It's this realization that we cannot develop and sustain all our cybersecurity needs within any single organization that drives the need for collaboration. The NextWare Cyber Collaboration Toolkit provides a starting point that we hope will incite more collaborative action within the field of cybersecurity and the development of more sophisticated tools.

Our prototype toolkit is humble in scope and needs to be extended and deepened. We have therefore released all our work as an open-source resource designed to be easily adapted and enhanced – the site operates under a Creative Commons license and all source code is available on our GitHub page. We encourage you to use and improve upon the Toolkit, and to share your work with us and the rest of the cybersecurity community.

Ben FitzGerald is a senior fellow and director of the Technology and National Security Program at the Center for a New American Security. Follow Ben on Twitter @benatworkdc.

Alexandra Sander is a research associate with the Technology and National Security Program at the Center for a New American Security.