Cyber Crisis: Foundations of Multi-Stakeholder Coordination


In recent years, policymakers throughout the world have recognized the need for international cooperation and coordination to address the growing epidemic of cyber-attacks, particularly those that can rise to the level of a catastrophe.

We cannot afford to waste time when a power plant has stopped working, a financial system has been disrupted, or people lose access to healthcare services. The response in these kinds of situations must be swift and well-orchestrated.

By leveraging the private sector’s distinct capabilities and relationships on a voluntary and mutually beneficial basis, governments can achieve their goal of a secure digital ecosystem through the leadership of global ICT companies.

The CSDE publication Cyber Crisis: Foundations of Multi-Stakeholder Coordination identifies key resources among global ICT companies across two distinct phases. During the first phase, the CSDE identified categories of cyber threats and vulnerabilities that may require the mobilization of the ICT sector. These categories were chosen in consultation with experts and sources from industry, government, and civil society.

In the second phase, the CSDE conducted a survey of member companies, leveraging the expertise of leading cybersecurity professionals and other institutional resources, to identify (1) incident response assets and capabilities that ICT stakeholders may provide to mitigate a crisis scenario and (2) potential industry responders in select crisis scenarios.

Scenarios Explored

• DDoS Botnet Attack

• DDoS Server-based Attack

• Border Gateway Protocol (BGP) Hijacking

• Domain Name System (DNS) Hijacking

• Software Vulnerabilities: Open Source

• Software Vulnerabilities: Zero Day

• Hardware Vulnerabilities: Processor Architectures

• Injection of Malicious Code in Software and Hardware Components

• Destructive Malware

• Ransomware

• Advanced Persistent Threat (APT): Industrial Systems

• Cloud Provider Compromise

Why We Created the Guide

While individual governments and enterprises take steps to protect their own systems from cyber threats, these systems are built upon the infrastructure, products and services of companies reflected within the CSDE membership. Moreover, these major ICT companies are global in nature and have experience combating a broad variety of cyber threats that spread rapidly from one jurisdiction to another.

By contrast, government and enterprise system managers have different levels of operational capability and institutional knowledge, different definitions for key concepts and terminology, and different relationships with the private sector and other relevant stakeholders – all of which can result in very delayed responses during a crisis, where time is of the essence.

Our work builds on the recommendations in the November 19, 2014 National Security Telecommunications Advisory Committee (NSTAC) Report to the President on Information and Communications Technology Mobilization [1] and the June 2016, Homeland Security Advisory Council Final Report of the Cybersecurity Subcommittee on Incident Response, [2] as well as similar calls to action in other jurisdictions, such as European Union Agency for Network and Information Security (ENISA) publications on cyber crisis cooperation.[3]


[1] Nat’l Sec. Telecomm. Advisory Comm., NSTAC Report to the President on Internet and Communications Mobilization 12 (Nov. 16, 2017).

[2] Homeland Security Advisory Council, Final Report of the Cybersecurity Subcommittee on Incident Response, Dep’t of Homeland Sec. (June 2016).

[3] See, e.g., ENISA, Strategies for Incident Response and Cyber Crisis Cooperation (Aug. 25, 2016).