Modern field guide to security and privacy

Opinion: Cybersecurity collaboration needs a toolkit. So we built a prototype

Instead of drafting yet another report saying collaboration is important for improving cybersecurity, we built a prototype, Web-based toolkit that provides cybersecurity pros a way to start more multidisciplinary cooperation.


Financial sector institutions from the US and Britain tested their cybersecurity cooperation last month in a joint exercise, dubbed operation Resilient Shield. The table-top exercise focused on transatlantic collaboration in areas including information sharing, incident response, and public communications across a variety of government agencies and financial sector institutions.

The exercise represents a positive step forward in our approaches to cybersecurity. But this level of partnership will need to become routine if we hope to mitigate our myriad cybersecurity vulnerabilities.

As a maturing and multidisciplinary field, cybersecurity includes specializations within a wide variety of domains. However, there is a clear disconnect between the specialist capabilities within government agencies and businesses and our collective ability to arrange those capabilities to improve overall cybersecurity. In a field that values specialization, there are few market incentives to drive collaboration. Yet the ubiquity of information technology, and therefore cyber-insecurity, demands that we develop holistic solutions, necessitating collaboration at scale. 

This is the impetus behind the Center for a New American Security’s NextWare Sessions project, which examined how both public and private sector organizations might think about collaborating for improved cybersecurity. Rather than draft a report simply stating that collaboration is important, we decided to create a prototype, web-based toolkit that provides cybersecurity experts methods to jump-start more comprehensive and multidisciplinary cooperation.

The NextWare Cybersecurity Collaboration Toolkit helps users understand the broad landscape of cyberthreats and encourages them to take a deeper look at the relationships within and between their organization and wider networks, their interests and values, and potential attackers’ incentives and motivations.

Analyzing the cyberthreat landscape through this lens not only encourages common understanding among the various groups involved in implementing cybersecurity solutions, but also provides these same groups with a clearer picture of where vulnerabilities and opportunities for partnerships exist. For example, advance coordination between technical and legal teams could identify possible vulnerabilities to new cyberthreats resulting from partnerships with third parties and mitigate the threat before attacks become a problem. Establishing this type of communication and collaboration works to address the disconnect between available specialist capabilities and the narrow selection of solutions that are applied in practice.

While this might appear to be a common sense solution to an obvious problem, cybersecurity collaboration is far from common practice. The purpose of the methods presented in the Toolkit is to provide an easy set of steps through which action that is deemed to be common sense can be pragmatically implemented as common practice, at scale. The Toolkit itself, as a prototype, is intended to spark demand for more robust collaboration tools and methods.

Exploring and adopting collaborative cybersecurity methods is important even to organizations already allocating significant resources to sophisticated cybersecurity strategies. Financial institutions, for example, continue to suffer extensive damage from cyberattacks in spite of employing advanced technical means to improve their defensive and forensic capabilities.

Their weakness lies in the lack of coordination between these technical capabilities and the political or legal means necessary to hold attackers accountable. This was clearly the case when US banks had no recourse against Iran in the wake of the 2011-12 distributed denial of service attacks in spite of knowing where the attacks originated. This issue is a symptom of insufficient integration between cybersecurity specializations.

While it is clear that collaboration can help address these types of issues, the lack of obvious integration points between cybersecurity specializations and few market incentives for collaboration perpetuate the status quo. The result is a security environment dominated by technical capabilities that can only provide limited, short-term solutions. 

The 2014 Sony Pictures Entertainment hack also provides a clear example of how poor implementation of cybersecurity capabilities can exacerbate the impacts of a cyberattack.

Having reached out to experts at McLarty Associates and Rand Corporation months before the hack, Sony Pictures leadership and filmmakers Seth Rogen and Evan Goldberg were aware North Korea might respond to "The Interview" with a cyberattack. When the attack happened, it was clear that Sony had not taken advantage of this forewarning.

Their haphazard response indicated Sony had neither implemented additional cybersecurity measures nor had they considered the breadth of consequences that could be caused by such an attack. Sony’s lack of preparation, narrow point of view, and therefore ill advised responses to a state based cyber attack ultimately provoked President Obama to say on national television, “I wish they had spoken to me first.” 

In short, given the complexity of the cyberthreat and the required response and mitigation efforts, the required team and capabilities Sony needed to bring to bear would have been incredibly difficult to assemble and prohibitively expensive to maintain. 

It's this realization that we cannot develop and sustain all our cybersecurity needs within any single organization that drives the need for collaboration. The NextWare Cyber Collaboration Toolkit provides a starting point that we hope will incite more collaborative action within the field of cybersecurity and the development of more sophisticated tools.

Our prototype toolkit is humble in scope and needs to be extended and deepened. We have therefore released all our work as an open-source resource designed to be easily adapted and enhanced – the site operates under a creative commons license and all source code is available on our GitHub page. We encourage you to use, improve upon the Toolkit, and share your work with us and the rest of the cybersecurity community. 

Ben FitzGerald is a senior fellow and director of the Technology and National Security Program at the Center for a New American Security. Follow Ben on Twitter @benatworkdc.

Alexandra Sander is a research Research associate with the Technology and National Security Program at the Center for a New American Security.



You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Opinion: Cybersecurity collaboration needs a toolkit. So we built a prototype
Read this article in
QR Code to Subscription page
Start your subscription today