Dec 14 2015 A new cybersecurity toolkit encourages cross-sector, multidisciplinary collaboration

In the past few years, several industry and government leaders have called for collaborative approaches to improving cybersecurity. Reports like IBM’s “Forging Connections to Improve Cybersecurity Education” highlight the need for collaboration to address this increasingly prevalent and complex issue. “There is a significant need for a common language of information security, not within the technical discipline, but between government, academia, and different industries,” detailed the report. With a growing consensus that increased collaboration is necessary to improve cybersecurity, the Center for a New American Security (CNAS) took the next step to make this a reality. In a recent op-ed entitled “Cybersecurity collaboration needs a toolkit. So we built a prototype,” Ben FitzGerald and Alexandra Sander of CNAS highlight the challenges faced by cybersecurity professionals and present a new toolkit that can benefit the industry by encouraging collaboration between traditionally siloed disciplines and sectors.

“It’s this realization that we cannot develop and sustain all our cybersecurity needs within any single organization that drives the need for collaboration,” FitzGerald and Sander explained. This was the impetus for CNAS to create a toolkit that can be used by cross-sector professionals to catalyze and improve collaboration. The toolkit encourages users to “take a deeper look at the relationships within and between their organization and wider networks, [and] their interests and values.” One example of a potential real-life use for cybersecurity collaboration is between financial institutions and the government. Financial institutions continue to suffer from cyberattacks despite their technical skills and specialized capabilities because they lack “the political or legal means necessary to hold attackers accountable.”

“It’s this realization that we cannot develop and sustain all our cybersecurity needs within any single organization that drives the need for collaboration.”

The toolkit is broken down into several sections that walk cybersecurity professionals through how to communicate clearly, collaborate effectively, and develop a common understanding of both the immediate and long-term threats they face. While some of the tactics it presents are issue-specific, much of their advice aligns with our Toolkit, which is a resource for cross-sector partners involved in any issue. The cybersecurity toolkit’s Issue Scoping Chart, for example, leads users through visualizing various stakeholders’ interests to see where they may align or diverge so “users can identify areas of natural conflict and cooperation.” This “forms a basis for assessing what … solutions will be required; with whom the user should seek to collaborate; and on what common interests collaboration can be founded,” which closely aligns with our tactic Engage Potential Partners.

The toolkit also asks several questions of the user to stimulate crucial discussion among internal and external stakeholders about the potential of collaboration. For example, partners should ask, “What stakeholders have expertise in areas where we identified gaps and vulnerabilities? Can partnerships be established to learn from their expertise?” which encourages partners to Account for Resources.

FitzGerald and Sander note that while collaboration may seem to be a common sense solution to problems in the cybersecurity industry, it “is far from common practice.” With the contribution of a toolkit that provides actionable advice to help users collaborate, CNAS is helping professionals create broader, more effective solutions to a complex problem.