To devise an effective model with commercial incentives and global reach, we need to rethink the game. With an ecosystem of companies that operate across many borders and regulatory systems, and with the advent of initiatives such as the Pall Mall Process, the NCSC are setting out what responsible behaviour looks like.

Irresponsible behaviour is increasingly difficult to detect and respond to alone. Borrowing a reference from the book (and movie) Moneyball, “creating in the aggregate”, we can capitalise on an emerging approach of assembling a distributed team of teams – vulnerability researchers, developers, forensic investigators, CTI analysts, and policy leaders – whose combined strengths outmatch any single superstar. Together, we can create an outsized impact drawn from decentralized work across the cyber community.

Recently, A group of highly capable investigators and analysts in various companies produced a near simultaneous tranche of reporting highlighting a US-sanctioned entity, shining a light on their advanced intrusion capability.

The Pall Mall Process, now in its third year, has encouraged wide participation and offered a framework on which to build. What if we purposely, deliberately planned and combined these distinct capabilities?

Victim support, threat modelling, shared telemetry, technical implementations, are just a few of the areas in which government, civil society and industry could collaborate making cross-sector partnerships not just productive but essential.

Please attend if you are from government, industry, and civil society organisations.