Cyber Security Sharing & Analytics (CSSA)

CSSA was founded in November 2014 by seven major German companies as an alliance for jointly facing cyber security challenges in a proactive, fast and effective manner. Contrary to cyber attackers who obviously have an incentive to collaborate, commercial enterprises originally have had little interest in sharing information on attacks and damages with others. This information asymmetry needed to be overcome.

CSSA creates a secure space for a coordinated, efficient and confidential information exchange allowing organizations to benefit from the knowledge of their peers, mutually support and learn from each other. CSSA focuses on sharing and analyzing cyber threat intelligence in a collaborative approach. Objectives are to better detect and understand threats and enhance response actions.

Images

Members and Organization

CSSA is open for European enterprises with appropriate internal cyber security resources who are willing and capable to actively support CSSA and to share security-related incidents and information with peers. This demands a strong commitment of all members and a very high degree of confidentiality.

Founding members of the association are: Airbus Group, Allianz, BASF, Deutsche Bank, Deutsche Telekom, Henkel and Infineon. Currently, CSSA has 13 member companies. All members contribute the same membership fee and have the same rights.

Please find CSSA’s statutes here.

Bodies:

General Assembly

Two members per member company

Board of Management

elected by general assembly:
Dr. Ralf Schneider (Chair)
Stefan Beck
Dr. Silke Lechtenberg
Dr. Elmar Pritsch

Managing Director:

Ursula Schürmann

Working Groups:

Threat Exchange

Data Analytics

Staff Awareness

Images

Activities

Exchange in CSSA works on three levels:

  • the confidential expert exchange on incidents, threats and vulnerabilities at member companies
  • the technical exchange of Threat Intelligence via the CSSA sharing platform
  • the monthly CSSA Situation Report for the CISOs and IT Security teams at member companies

An important prerequisite for the efficient collaboration within CSSA is a secure, technical exchange platform to share indicators, observables and analyses among members. CSSA currently uses MISP as the main sharing interface and tool.

A key success factor for CSSA is the trusted exchange and dialog among its members. Currently, approximately 80 people are connected within the association.

Several working groups ensure the operational implementation of CSSA’s objectives. All participants work on the basis of personal confidentiality agreements including a CSSA-specific adaptation of the Traffic Light Protocol (see https://www.first.org/tlp/).

Images

Benefits

  • Managed and secure space for confidential exchange backed by strong statutes
  • Close and trustworthy network through limited number of selected member companies
  • High commitment of company representatives
  • Hands-on collaboration through active cooperation of experts
  • Development of capabilities through exchanging and benchmarking with peers
  • Sustainable support from central and shared CSSA resources

Contact

Do you have questions regarding CSSA?

Are you interested in a collaboration?

Then do not hesitate to contact us!