Empowering cyber resilience: How a nonprofit CERT safeguards mission-critical infrastructure

"Nothing seemed to work as well as Mattermost — Mattermost just looked like the perfect choice for what we needed to do."
Nonprofit CERT CEO
Nonprofit CERT

Highlights

  • Chose Mattermost for self-hosting and complete control of data
  • Migrated away from email, using Mattermost to launch discussions instead of broadcasting information
  • Facilitated seamless knowledge sharing with persistent messaging history and file storage

This nonprofit computer emergency response team (CERT) helps local organizations stay abreast of the latest developments in the realm of cyber incidents, cyberattacks, and cyber threat actors. While the nonprofit has a relatively small team, it maintains a digital community of 1,000 cyber professionals who come from hundreds of organizations across a range of different critical sectors to discuss cybersecurity tips, strategies, and best practices.

For example, in the event a vendor gets compromised by a cyberattack, the community will come together to determine the best course of action for those impacted.

Looking for a secure & self-sovereign collaboration solution

When the founding team began planning to launch the CERT, they knew building a robust, highly collaborative online community was most important to mission success.

“We do a lot to help collaboration between many different infrastructure providers, so getting a digital platform to facilitate this was really important for us to begin with,” the CERT’s CEO says.

Since members of the founding team were familiar with Slack and had used it at previous organizations, they initially considered the cloud-based SaaS collaboration solution.

“However, because we are the CERT for critical infrastructure, one of the requirements for people to feel at ease with sharing information was that it was kept within our country,” the CEO continues. “So we needed something that could be hosted locally and wasn’t being controlled by another entity and started looking for a Slack alternative.” 

Selecting Mattermost, ‘the perfect choice,’ for open source nature & self-hosting capabilities

The nonprofit began asking peer CERT groups what they were using for collaboration, and many of them recommended that the organization look into Mattermost. Based on these recommendations and its own due diligence searching for potential solutions online, the CERT ultimately chose Mattermost for collaboration.

“There were a few options, but nothing seemed to work as well as Mattermost — Mattermost just looked like the perfect choice for what we needed to do,” the CEO explains. “The primary reason was getting something that could be hosted locally, which left out a lot of the cloud-only providers. We also needed something that could scale not just from a technical perspective but also from a management perspective.”

Additionally, the nonprofit was drawn to Mattermost’s open source nature — which is “great in itself.”

“There’s also a really strong community around Mattermost, so in the event you run into certain issues, there’s a robust community to tap into to get ideas about how to solve various problems,” the CEO says. “That’s also a really strong case for Mattermost, at least for us.” 

Building a collaborative community of cyber professionals working toward a common goal of protecting mission-critical infrastructure

With Mattermost as a central collaboration hub, the CERT has enabled roughly 1,000 professionals from hundreds of organizations, many of which are infrastructure providers, to form a tight-knit, supportive community founded on cybersecurity and knowledge sharing.

“Our members are companies within critical infrastructure,” the CEO says. 

Since a small team can only do so much, the CERT has leveraged Mattermost’s advanced permissions to make certain community members administrators. 

“We let other people be team admins or channel admins in some of the channels we have so that the community can help manage this with us,” the CEO continues. “That’s definitely something that works well and allows it to scale a little bit larger than what our own team could handle. A thousand people obviously know a lot more than a small team does, so when we can activate our community because of Mattermost, there’s a whole lot more value to be had from our organization than what we would be able to provide on our own.” 

Minimizing reliance on email while facilitating ongoing discussions

While email is an inherent part of any business, it’s far too easy to get overwhelmed by too many messages. At the same time, while emails may be perfectly fine for disseminating information, they’re not the best medium for facilitating lively conversations. 

“Email is not a very secure way of communicating,” the CEO says. “Email is also communication that is broadcasted and received. When we post something on Mattermost, it’s the start of a discussion. Instead of an email just being information that we put in the hands of other people, when we take the same information and post it in Mattermost, it spawns a discussion thread where people ask questions and get answers, and they collaborate about how to deal with this new threat and what to do about it. A lot of different people can pitch in and give ideas and show others how their experience has been in dealing with a certain threat. Suddenly, instead of us pushing information, the information now triggers a whole community in terms of how to work together to overcome these challenges.”

Without Mattermost, this collaborative approach to digital communication wouldn’t be possible.

“We’d have to figure out some other way of sharing information, and we’d lose the whole collaborative aspect of what we do,” the CEO says. “It’s hard to imagine what this would look like without an online collaboration platform at all.”

Accelerating onboarding with a persistent messaging history

Since Mattermost preserves chat history, it’s easy for newcomers to the community to get up to speed with what everyone’s talking about and see how the proverbial sausage is made.

“One of the things that’s great about Mattermost is that when a new person gets onboarded, all of the historical discussions are there,” the CEO continues. “So you can scroll back and see what’s been going on before you were onboarded.”

To make onboarding even easier, the CERT also uses Mattermost as an archiving service of sorts. At regular intervals throughout the year, the nonprofit creates a report about threat actors, the threat landscape, or something similar.

“We create PDF reports and post those inside of Mattermost and then we cross-post them to a specific channel,” the CEO says. “In there, you can very quickly scroll back up and see the latest reports that we’ve come up with. We do this because if we only posted in the main discussion thread, three months later there will have been thousands of discussions, and it would be pretty hard to come back and find those reports.” 

A platform that’s well-received by the community

Because Mattermost is available as mobile, desktop, and web apps across various platforms, users can access it in whatever way is most comfortable to them.

“Our users are very happy with Mattermost because everything looks very familiar to them, there are apps for their preferred platforms, and it’s easily accessible over the web,” the CEO says. “Our community uses both the iPhone and Android apps as well as the Windows and Mac apps.”

Looking ahead, the CERT is exploring Mattermost Calls and plans to start using the feature to collaborate via voice calls with the ability to share screens.