Despite billions invested in regulations, hackers remain undeterred. What the world truly lacks is operational collaboration.
One of the critical components of protecting cyberspace is collaboration in prevention, disruption, and recovery from cyber incidents. When we examine global defense strategies, it becomes clear that most countries are currently focused on regulation.
Regulation is a necessary foundation for building a cybersecurity culture, but it is insufficient to stop hackers, certainly not advanced, sophisticated, and well-coordinated attacks.
The need for a coalition
For years, I have argued that to confront hackers, state-sponsored cybercrime, and cyber terrorism, we must establish a cyber coalition. Such a coalition must be based not only on research, sharing information, and creating a methodology that is the foundation, but also primarily on intelligence sharing and operational collaboration.
Indeed, we occasionally see such collaborations between countries or partners around specific projects or operations. We are familiar with the strong cooperation frameworks between European and American organizations, which are an essential step forward. However, as long as the information shared does not originate from operational domains, the achievements will remain limited – constrained to regulation and methodology.
Something much broader is truly needed: a Global CERT – a supranational coalition of countries, industries, and technology companies working together, in real time, against emerging threats.
Cybercrime is projected to cost the world $10.5 trillion annually by 2025 – a threat no single nation can face alone.
The primary advantage of such a coalition lies in its ability to assist with large-scale incidents. The stronger the global resilience among coalition members, the faster, more efficient, and less damaging the recovery process will be.
What holds us back
From my personal experience, one of the main challenges is the reluctance of states to share sensitive information. Often, the data that enables effective defense originates from offensive bodies, making it highly classified.
In recent years, we have seen encouraging collaboration between states and major technology companies – an essential and positive trend. We also recognize the regulatory and methodological advances driven by Europe and the US.
Yet again, these frameworks will remain insufficient without operational intelligence sharing. States must step out of the old paradigm and begin sharing operational and sensitive intelligence to reduce the attack surface. This requires taking risks – sometimes because of losing sources, methods, or doctrines. However, the gain is far greater: faster disruption, more effective prevention, and shorter recovery.
Until the world embraces such an initiative, we will continue to see familiar patterns: Too few collaborations; measures taken too late; tightening regulation – but hackers remain undeterred; and a cyber domain where adversaries thrive.
A call to action
I have repeatedly offered to advise and support the establishment of a true international operational coalition.
The future of cybersecurity cannot rely solely on laws, regulations, and methodology. It must be built on a coalition of trust, intelligence, and cross-border operational collaboration.
The first nation to take the lead will not only enhance its own security but will also shape the future of global cyber defense. The time to act is now.
The writer is CEO of Code Blue Ltd., and a former deputy director-general of INCD, the Israel National Cyber Directorate.