By Jerry Andriessen February 20, 2023
Storytelling Workshops 2022
We have organised storytelling workshops in the two pilot sites of the project: the municipalities of Larissa and Foggia. Representatives of multiple public and private organisations came together for four days for these workshops that were organised by our project.
During the workshop, participants shared stories about their experiences with cybersecurity in their organisations, and, in addition, discussed real world examples of cyberattacks that had serious implications on a region, or, the term we like to use, on an entire ecosystem. An ecosystem is a group of organisations that live and interact together in a particular environment. Despite cybersecurity being ubiquitous, and attacks coming from anywhere, in an ecosystem, local organisations can have joint interests when it comes to cybersecurity.
For example, organisations working together (as an ecosystem) in providing resources for high quality pasta also have a joint cybersecurity interest, because if the system of one organisation is hacked, the pasta creating process in other organisations may be delayed. Or, if a healthcare organisation responsible for providing a certain medicine has a system breakdown, it may not be able to deliver its orders on time or sending its bills to the right supplier.
By engaging in storytelling, we try and capture what organisations may have in common, in order to set up a joint or collaborative cybersecurity defence. This can focus on interdependencies at the system level, as in organisations sharing the same systems, but also on supply chain interdependencies, as in organisations jointly providing essential services to deliver a final product. In the first type, cybersecurity collaboration is about joint awareness of vulnerabilities and other characteristics of the systems that are used. For the second type, the organisations should understand their interdependencies at the level of business processes. A third group of possible collaborations, and a very important one, is about sharing information, about attacks, but also about policies for handling attacks and about preventing the risks of possible attacks.
Collaboration might be a general concept, about doing something together. However, using the term does not specify at all what it is that people do together: what the roles of participants are, and how the various participants work together. In fact, the three types of interdependencies distinguished in the previous paragraph require very different kinds of actions from the people involved. In the project, together with the pilot sites, we will further develop these collaborations. This will be the topic of a future blog.