CSSA was founded in November 2014 by seven major German companies as an alliance for jointly facing cyber security challenges in a proactive, fast and effective manner. Contrary to cyber attackers who obviously have an incentive to collaborate, commercial enterprises originally have had little interest in sharing information on attacks and damages with others. This information asymmetry needed to be overcome.
CSSA creates a secure space for a coordinated, efficient and confidential information exchange allowing organizations to benefit from the knowledge of their peers, mutually support and learn from each other. CSSA focuses on sharing and analyzing cyber threat intelligence in a collaborative approach. Objectives are to better detect and understand threats and enhance response actions.
CSSA is open for European enterprises with appropriate internal cyber security resources who are willing and capable to actively support CSSA and to share security-related incidents and information with peers. This demands a strong commitment of all members and a very high degree of confidentiality. The association has not set itself growth objectives but is above all targeting at qualitative advancement.
Founding members of the association are: Airbus Group, Allianz, BASF, Deutsche Bank, Deutsche Telekom, Henkel and Infineon. Currently, CSSA has 13 member companies (as of Jan. 2020). All members contribute the same membership fee and have the same rights.
Please find CSSA’s statutes here.
Exchange in CSSA works on three levels:
An important prerequisite for the efficient collaboration within CSSA is a secure, technical exchange platform to share indicators, observables and analyses among members. CSSA currently uses MISP as the main sharing interface and tool.
A key success factor for CSSA is the trusted exchange and dialog among its members. Currently, approximately 80 people are connected within the association.
Several working groups ensure the operational implementation of CSSA’s objectives. All participants work on the basis of personal confidentiality agreements including a CSSA-specific adaptation of the Traffic Light Protocol (see https://www.first.org/tlp/).
In case of questions regarding CSSA please do not hesitate to contact us: