Stronger Together


Posted by Michael Daniel

On the surface, “Stronger Together” seems unassailable as a theme. It provides plenty of breadth for different presentations and can serve as a jumping-off point for many different talks. Further, writing about this theme seems easy, too, at least at first glance. After all, who is going to argue the opposite, that we are “Weaker Together” or “Stronger Alone”?

Yet, if you stop to think about it, selecting “Stronger Together” is not an obvious choice. Questions start to pop up. Why does RSA Conference need to have this theme? Why organize a conference around a concept and have speakers discuss an idea that is so obviously right? Doesn’t everyone agree with this idea already? What’s there to talk about?

The answer is that while everyone says they agree, the industry does not always act like it. Many factors drive this disconnect, ranging from the economic to the cultural. As an industry, cybersecurity is highly competitive, with a huge number of companies vying for attention and market share. Companies have an imperative to stand out among their competitors, making a case for why buyers should choose their product or service as opposed to anyone else’s. Technical complexity and product incompatibility impede collaboration, making “together” a difficult state to achieve. Culturally speaking, the cybersecurity industry partially descends from the technology industry, which often focuses on the Next Big Idea, the Killer App, or being first to market, not necessarily how everyone can work together to achieve a goal. As a result, saying that we are stronger together turns out to be much easier than acting upon that idea.

As the industry gathers in San Francisco, the challenge will be to identify some specific ways to make Stronger Together not just a slogan but a workable concept. Based on CTA’s experience, three lines of effort hold promise: reducing complexity, enabling collaboration, and creating incentives. The foundations for all three already exist in the cybersecurity community, but we need to expand and build on them.

Complexity often inhibits effective cybersecurity. In this context, complexity comes from the vast number of security companies that generate a bewildering array of products, use dozens of technical formats, and produce mountains of data. Applying technical solutions to this complexity at the surface level, such as building data translators between every different possible data structure, is neither feasible nor economically practical. Instead, we need to reduce the complexity at its root. The industry has started down this path, developing and adopting common data formats such as the Structured Threat Information Expression (STIX™) model. However, more standardization, dedicated tools, and optimized platforms would reduce the complexity even further and make Stronger Together an easier state to reach.

Beyond the technical capabilities, if we want to be Stronger Together, we also need the ability to collaborate on a human scale. Yet, collaboration does not just happen by chance. It requires several ingredients, including leadership support, trust relationships, safe spaces, and legal structures. Of course, collaboration already exists in the industry, but it often seems to occur despite the barriers rather than because industry leaders actively seek to combine these ingredients to enable effective collaboration. Further, since trust does not scale, we need an array or matrix of collaboration hubs with established relationships between them if we want to have a measurable impact on our security.

Finally, we need to create incentives for being Stronger Together. Such incentives can come in the form of appropriate exemptions to anti-trust laws or business rules that balance access with equity. An example of such a business rule would be to allow researchers at collaborating companies to receive pre-publication copies of papers, blogs, or threat reports from group members, as long as the recipients strictly adhere to an embargo. The embargo allows the original author to get the credit, but the sharing allows others to be prepared to act on the findings as soon as they are released. All the participants are better off, and the ecosystem is better off too. If the business rules are enforced, such as by losing access to the early sharing if you violate the embargo, everyone has the incentive to follow them.

In the end, having RSA Conference 2023 choose Stronger Together as a theme is beneficial and necessary. As an industry, we need the reminder that we are, in fact, better off when we collaborate. We need a counterbalance to the purely competitive side of the business. We need to reinforce the part of the cybersecurity industry culture that emphasizes collaboration across physical boundaries and collective defense.

CTA is looking forward to RSA Conference in April 2023. We will be there, serving as an example of what Stronger Together looks like in practice. See you in San Francisco. 

Contributors
Michael Daniel

President and Chief Executive Officer, Cyber Threat Alliance
