ISC 2016: How To Improve Global Cooperation In Cybersecurity

John Davis


I recently gave the opening keynote presentation at China’s Internet Security Conference (ISC) 2016. ISC is China’s largest international cybersecurity conference and was held from 16–17 August in Beijing. The conference was open to the Chinese media and covered by CCTV and Xinhua. It was attended by roughly 8,000 people from several countries (mostly China, Korea, Russia, the U.S. and some European nations). This blog post will provide insight into what I shared with the international audience during my keynote address.

One of the topics that ISC asked me to address in my remarks was “Global Cooperation in Cybersecurity.”

During the keynote, I discussed three important factors that I believe can help to improve global cooperation in cybersecurity. These factors apply to global cooperation, that is government to government, company to company, and between governments and companies.

First factor: Transparency

The first factor is transparency. Better transparency is critical to improving cooperation at all levels. I provided the audience with an example of how an increase in transparency between the cyber units of international militaries contribute to increased stability, reduced uncertainty, and a smaller chance of misperception, miscalculation, or even making a mistake in the cyber environment that might escalate into something even more problematic in the physical environment.

I shared an example about transparency from my experience in my current role at Palo Alto Networks and talked about how we share cyberthreat information among competing companies. Palo Alto Networks is one of eight companies, all competitors, which have formed an organization called the Cyber Threat Alliance (CTA).

In the CTA, cyberthreat information is considered a public good to be shared rather than an individual commercial commodity to be hoarded. To become a member of the CTA, each company must agree to do two things. First, they must agree to contribute unique malicious code or signatures, not found in existing published reports, into a common database that all eight companies can access. Second, and even more important and unique, they must agree to do something with the information that is put into the database. They must agree to load this cyberthreat information into their own internal security controls and defensive posture, as well as that of the clients that they serve.

What is the result of this kind of transparency between competing companies?  Using Palo Alto Networks as an example, what this means is that not only are our customers protected from the cyberthreats we see on a global basis, but they are also protected from the cyberthreats that the other seven CTA member companies see globally on a daily basis. This demonstrates an amazing dynamic that creates a growing, global ecosystem that stretches a self-learning, self-healing protective fabric across all organizations involved.

To be clear, both of my examples are just strong first steps. We must be realistic and practical. We may never achieve full transparency, but in my experience, that is okay because even limited transparency can help to improve cooperation.  The examples I provided demonstrate that increased transparency is a good first step in improving cooperation on a more global basis.

Second factor: Trust

Improving trust is essential to improving cooperation across the public and private sectors and between nations. I readily admit this can be very difficult. In many cases it will take a great deal of time and patience and, in most cases, cannot occur without the strong support of any organization’s leadership.

It’s important to note that trust does not even begin to build without the “good faith” first attempts to demonstrate increased transparency. In the CTA example shared above, progress in building trust was only possible because of senior leadership’s emphasis and support.

Third factor: Teamwork

With better transparency comes better trust, and with better trust comes the opportunity for teamwork and effective partnerships. This is the final ingredient to successful cooperation, whether government to government, company to company, or between governments and companies. While complete alignment and teamwork on all issues is an unrealistic expectation, there is an opportunity to foster teamwork based on the common self-interests of the various entities involved.

This is a process that takes time and must be carefully built step by step. I believe there is a real possibility of building toward a team approach to cybersecurity because, in my experience, it truly takes teamwork and effective partnerships to win against modern cyberthreats. Some may doubt this is possible, and I have no illusions of the level of difficulty, but I explained why I believe there is cause for action.

Will Global Cooperation in Cybersecurity Become the Standard?

In the same way that many countries around the world have taken a team approach to countering piracy, child pornography, proliferation of dangerous weapons, and terrorism, I believe that the seriousness of the cyberthreat trend will catch up to, and even possibly eclipse, all of these other global problems in which a team approach across most of the world’s responsible nations has already happened. Why would global cooperation in our collective approach to the cyberthreat problem be any different if – or when – we get to that stage?

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS