The cyber threat is not a figment of the imagination and is no longer discussed as a hypothesis but as a certainty. The catastrophe appears day after day through shocking publications: data breaches, spear phishing, ransomware and soothing crisis declarations: “We have the situation under control and we are investigating”; “We have called in the best experts”; “The measurement of the impact shows that the company’s lifeblood is not affected”; or “No data has been impacted.”
Companies have of course added the risk of cyberattack to their governance panel. They have undertaken organisational reform and recruited suitable profiles, including managers responsible for defending information and assets against these cyber threats, usually in conjunction with teams of experts.
The CISO is the primary point of contact for cybersecurity within their company and private or public organisation, the person to whom everyone turns. They are responsible for understanding the threats, defining the right strategies, implementing the right tactics, and sometimes leading the operations to keep their company or entity safe from cyber risk.
It is true that solution publishers, suppliers, and experts in the field have developed technical tools to meet the challenges, and a certification and labelling process to qualify the most reliable solutions for military or state use, or for the categories of companies likely to participate in the resilience of the nation. Finally, for some working in a collective approach, norms, best practices, methods, and standards have become essential.
With everyone being aware of the risk, having taken the measure of the threat, and having implemented (as much as possible) the best practices, is everything perfect?
Everything should be perfect, like the work of a craftsman who, with the passage of time, refines his skills and achieves excellence. Unfortunately this is not the case. In a competitive environment that is becoming global and tougher, crisis after crisis, the situation is changing. Among other points of weakness that facilitate cyber threats, companies are becoming more complex, larger, or are merging, their vigilance may be lowered, their risk appetite may be too high, and IT tools may become obsolete (they are not always reliable but are increasingly vulnerable).
Just as the Maginot Line did not have the expected decisive effect, here, the sharpest security policy, the best practices, the most innovative security tools, and the most expert teams are no longer enough in this changing environment. One only has to look at current events to understand that this is necessary, but not sufficient.
If traditional means, tools, and methods are no longer enough, then a change of posture and paradigm is needed to adopt new, more collaborative methods.
Collaboration in cybersecurity is not a new idea. Guillaume Poupard, Director General of ANSSI (French National Agency for Information Systems Security) has called for collaboration in cybersecurity on numerous occasions. This was the case in Monaco during the 2017 Security Conferences (called “Les Assises”) with his speech “Acting together”, a call that was reiterated during this same event in 2018 and the speech “Anticipate to stop suffering.”
The President of the French Republic, Emmanuel Macron, drove the point home and launched the Paris Call for Trust and Security in Cyberspace in November 2018 at the UNESCO meeting of the Internet Governance Forum (IGF).
This notion also appears in the report entitled “Cybermenace: avis de tempête” published in November 2018 by Institut Montaigne, which stresses “a vital need for cooperation and solidarity between private actors on the one hand, and public actors on the other.”
Finally, Guillaume Poupard formally renewed and extended his goals to a collective commitment at the FIC (International Cybersecurity Forum) in January 2019.
An African proverb says: “It takes a village to raise a child.” The idea is expressed and the principle is there: to collaborate to protect from cyber risk while companies are isolated in the face of a diffuse, omnipresent threat that can impact their production facilities at any time.
Attackers share malicious code and sell attack services to each other. In short, they already collaborate with each other.
This principle is also used in whistleblower or bug bounty programmes. Anyone who knows about a vulnerability informs the potential victim or a trusted third party.
This is now also the case for the Cyber Campus, where the major publishers and cyber service companies are grouped together.
For the past 3 years, CIX-A has been offering a complementary approach to cybersecurity. Together.
Collaboration is obviously not intended to replace all the traditional methods that are absolutely essential, nor is it intended to make one company contribute directly to the protection of a weaker one.
It aims to create a circle of trust to share critical operational or tactical information and tactical or strategic analysis—which is not usually shared and therefore only benefits those who have it—to prevent, detect, remediate, and improve the resilience of a company and its extended perimeter against cyberattacks.
In its main principles, choosing to join CIX-A means choosing:
- To be an actor and to change the paradigm in order to engage and respond to today’s cybersecurity challenges;
- To act together and chart new ways to help improve the situation in cyberspace and the capabilities of each member;
- To build a circle of trust and build collaborative tools to meet the challenge of sharing critical information to defend against cyberattacks.
It is a project that also allows the sharing of strengths, technical progress for each member, and the sharing of information within their supply chain.
Since our creation, we have equipped the channels of exchange for the sharing of operational data (indicators, attack paths, detection opportunities) and of strategic and tactical means (tools, methods, and procedures), and we have worked together for the cyber defence of each of our members.
About the Cyber Intelligence X sectors Alliance (CIX-A)
CIX-A is a French association founded in December 2018 that aims to bring together CISOs and their teams—working for various private or public companies—to enable them to share operational, tactical, or strategic information and feedback in a circle of trust.
The association meets on a regular basis for video conferences. It collaborates securely—in compliance with Traffic Light Protocol rules—in exchange channels and shares threat intelligence through a secure ThreatQuotient CTI platform, fed by various sources—including the members themselves—in addition to its website.
The association believes that information security teams are stronger when they work together and that sharing the strengths of one team improves the effectiveness of the others. Difficulties encountered are shared and discussed, and together the members find the best way to respond.
The association also hosts and trains cyber analyst trainees, thus fostering the development of various talents that are so rare in this field.
According to its statutes, the association can be joined as a member, an expert or a partner.
To read also
To read also
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition