The Key Ingredient of CTA? Trust.
“The relationships I and my team have built with the people in other members’ intelligence teams was an unexpected benefit. CTA has enabled us to collaborate within a trusted environment and build independent relationships that make that collaboration even more effective.” – Ryan Olson, Vice President Threat Intelligence (Unit 42), Palo Alto Networks
Building a Foundation
Prior to the creation of CTA in 2017, there was no organization explicitly committed to building trust across private-sector cybersecurity companies operating in different industry verticals and geographic regions. CTA led the way in establishing automated information sharing between cybersecurity providers on a routine basis — and that foundation provides us with an opportunity to do more. From that base, we have sought to bring our members together to share additional information, analysis, and context at human speed. CTA’s progress in fostering such relationships of trust among our membership has been groundbreaking.
Trust-Building at Human Speed
Much of the hard work of trust-building has taken place through CTA’s Algorithm and Intelligence (A&I) Committee. This venue provides an opportunity for threat intelligence researchers to meet and talk on a regular basis. We began small, asking members to brief recently published research on new threats or on trends they see from their unique perspectives. Naturally, researchers did what researchers do: they asked questions of each other, challenging some assumptions and providing their various views of the problems. We also began to share information on new and emergent threats, often sharing details in real-time via collaboration channels.
These briefings, in addition to involvement in CTA-sponsored events, provided an opportunity for individual researchers from CTA’s 25-plus members companies to grow into a true community. The VPNFilter incident in May 2018 was the first sign of this trust manifesting into concrete action. Cisco’s Talos Intelligence Group chose to provide their research to members early to enable the broadest possible protections and disrupt the malicious actor’s infrastructure more holistically. Members saw the value of this collaborative approach to cybersecurity defense and began sharing more research with each other early. Since VPNFilter, CTA members have now shared over 230 reports through early sharing. You you can read more about CTA’s early sharing program in this recent blog post.
Together Towards a Common Goal
Human-speed sharing like this is just one of the many ways in which CTA helps to create an environment of trust in which member companies’ researchers and executives feel comfortable collaborating around a common goal of stronger cybersecurity for all. Coming together for industry events, active member participation in the development of CTA through our committees, and engagement through CTA on event- and threat-oriented research all play a role in creating the conditions for trust-building amongst the individuals that participate in our work.
All of CTA’s activities are rooted in our common mission and our trust in one another to share quality information, enabling better protection for our members’ customers. As CTA grows and matures, we will continue to foster collaboration between members to more expeditiously and effectively disrupt malicious actors and to elevate the overall security of our digital ecosystem.