The term ‘Collaborative Cyber Security’ has been borrowed from Richard Hackman’s book Collaborative intelligence. In this book he describes the lessons learned from researching the CIA in the aftermath of 9/11. The CIA wanted to solve hard problems with teams instead of individual Analysts. Hackman present strategies for creating an environment that supports the success of a team.
Parallels
The Cyber Security domain and Intelligence domain has many parallels. First of all many of the threats to nations can be directly felt on the internet. Recents attacks on the Democratic Party or the hack of U.S. Office of Personnel Management (OPM) show the overlap. Second nations and companies invest more and more in the intelligence agencies or in Cyber Security giving them more manpower and capabilities to monitor and detect intruders. Third both domains have the disadvantage of being the defender. Studies show in sport defending is more difficult then to attack. Johan Cruijff is famous for his statement the best defense is to attack. Defending against an unknown attacker makes it more difficult and forces you to setup massive monitoring capabilities to detect attacks (anomalies).
Resilience
Having a monitoring capability in place you find out you missed an attack vector and your team is caught off guard. It will take significant time to recover. Resilience thinking is a new paradigm in which managers accept they will confront unpredicted threats. Rather then investing in strong specialized defenses we should create a system that roll with the punches or even benefit from them. General Stanley McChrystal explains in his book team of teams how resilience thinking can help Special Ops team to react on Al Qaida in Iraq. He describes how enabling teams can help respond on a threat actor a traditional defense system could not.
Need to know or need to share?
In most Intelligence or Cyber Security settings information is shared on a need to know basis. General Stanley McChrystal explained that complete transparency and active information sharing enables team to self organize. The need to know paradigma has big impact on the team and it’s development because it impacts trust.
Self organizing teams
For the last 10 years I am coaching scrum teams and the insight from General Stanley McChrystal and Richard Hackman sounded very familiar to me. I also got the opportunity to coach multiple security operation teams for a year. I trained teams in Scrum, Devops and Kanban in Netherlands and the US. The teams used scrum during multiple sprints and learned to improve and adopt it to their way of working. The result was teams visualize their work in a Scrumban way. Helping to prioritize between incident handling and implementing improvements. The teams matured and some individual team members made unexpected developments. Changing from defensive behavior to embracing scrum and surprising management.
Towards resilient teams
Both Hackman and McChrystal give handles for resilient teams. Based on my experience creating a self organized team based on scrum principles is a first step in creating resilient teams. A focussed team improvement approach with simulations and training will make teams able to react on new threats. Changing the need to know to a need to share culture will accelerate this.
Team of Teams: New Rules of Engagement for a Complex World, General Stanley McChrystal
Collaborative Intelligence – Using Teams to Solve Hard Problems, J. Richard Hackman
