Since our founding last year, we’ve been busy. Our membership has more than doubled by growing from six to seventeen members; sharing on the platform has increased in terms of total volume and in the amount of context included; and we have built up our staff to support the mission. We’ve made our first forays into policy work by providing comments on the NIST Cybersecurity Framework revision and the draft Countering Botnet report; we’ve sponsored an event in Washington, D.C. with the Coalition for Cybersecurity Policy and Law. And we’ve enabled our members to improve their response to major incidents, like WannaCry and NotPetya.
In support of this work, over the last few months we have released a series of blog posts entitled “Smarter Cybersecurity Thinking.” Our goal was to introduce different ways of thinking about cybersecurity to ultimately make our digital ecosystem more secure and resilient. As we’ve said before, “With the right mindset and a holistic strategy in place, we can start to build the right tools, enact effective policies, and establish the needed collaborations to tackle our cybersecurity challenges over the long-term.”
Now, in this blog, we want to talk about how all this work and thought leadership comes together. CTA has its own strategy in place that encompasses three objectives to improve global cybersecurity: Protect, Disrupt, and Elevate. Here’s what our strategy and objectives look like:
- Protect End Users: Our platform allows CTA members to share, validate, and deploy actionable threat intelligence to their end-users in near-real time at speed and scale. When our members share and deploy these protections, their products and services improve and, in turn, their customers are better off. In most cases, as a consumer or enterprise user, you don’t even have to do anything more than use their services to reap these benefits.
- Disrupt Malicious Actors: CTA’s threat sharing enhances collective defenses and forces malicious cyber actors to invest time and money in new infrastructure and procedures – and not in carrying out malicious activity. Our information sharing gives network defenders the ability to disrupt adversary activity at multiple points along the kill chain. When significant cyber incidents do occur, our members stand ready to share information in multiple ways, so they can more effectively protect their customers from the emerging threat. Woven together, these actions can begin to undermine the bad guys’ business models.
- Elevate Overall Security: As a result of CTA members sharing information, each member can independently address cyber threats by improving products and services, better protecting customers, more systematically disrupting adversaries, and competing more vigorously. Further, CTA emphasizes a new way of thinking about cybersecurity that is more effective – that cybersecurity is not a technical issue, but one that must focus on holistic risk management efforts across an organization. Finally, CTA promotes best practices and policy efforts for network defenders. Combined, all these actions will elevate the security of the entire global digital ecosystem.
The Front-line of Cyberspace
Cybersecurity companies, cloud service providers, telecommunications companies, and similar organizations are on the “front-line” of cyberspace. They own and operate the security infrastructure, they manage the security products for their end-users, and they often have the greatest insight into the issues, especially when they share information.
CTA makes information sharing – and action necessary for improving cybersecurity – a reality. We’re focused on building a more defensible cyberspace, as envisioned by the New York Cyber Task Force, which means we will always look for approaches that offer network protection at speed and scale, giving the advantage to the defenders and taking it away from the attackers.
But we can’t do this alone. We encourage cybersecurity companies that meet our criteria to consider membership in CTA. We also encourage partners in cybersecurity, such as government network defenders, computer emergency response teams, or academics to become contributing allies. We believe that CTA is the next operational innovation that will improve our overall approach to cybersecurity and provide the leverage we need to succeed against malicious cyber actors. As we move forward, we will provide updates and links to joint analysis that can help disrupt our adversaries, and we will seek feedback on the work we are doing. Look out for future blog posts that describe CTA’s approach to cybersecurity. In many ways, we are looking to rewrite the book on cybersecurity, this time focusing on using threat intelligence sharing as the foundation.
All for the greater good.