Cyber Security Sharing & Analytics (CSSA)

CSSA was founded in November 2014 by seven major German companies as an alliance for jointly facing cyber security challenges in a proactive, fast and effective manner. Contrary to cyber attackers who obviously have an incentive to collaborate, commercial enterprises originally have had little interest in sharing information on attacks and damages with others. This information asymmetry needs to be overcome.

CSSA creates a secure space for a coordinated, efficient and confidential information exchange allowing organizations to benefit from the knowledge of their peers and mutually support and learn from each other. CSSA focuses on sharing and analyzing cyber threat intelligence in a collaborative approach. Objectives are to better detect and understand threats and enhance response actions.


Members and Organization

CSSA is open for commercial enterprises with appropriate internal cyber security resources who are willing and capable to actively support CSSA and to share security-related incidents and information with peers. This demands a strong commitment of all members and a very high degree of confidentiality.

Founding members of the association are: Airbus Group, Allianz, BASF, Deutsche Bank, Deutsche Telekom, Henkel and Infineon. Currently, CSSA has 13 member companies. All members contribute the same membership fee and have the same rights.

Please find CSSA’s statutes here.


General Assembly
of Members:

Two members per member company

Managing Board

elected by general assembly:
Dr. Ralf Schneider (Chair)
Wiebe van der Horst
Dr. Silke Lechtenberg
Dr. Elmar Pritsch

Managing Director:

Ursula Schürmann

Working Groups:

Threat Exchange

Data Management & Analytics

Employee / Staff Awareness



Exchange in CSSA works on three levels:

  • the personal exchange on incidents, threats and vulnerabilities among experts
  • the platform-based, technical exchange of Threat Intelligence via the CSSA Portal
  • the monthly CSSA Situation Report

A key success factor for CSSA is the lively exchange and dialog among its members. Currently, approximately 50 people are connected within the association.

Several working groups ensure the operational implementation of CSSA’s objectives. They work on the basis of a confidentiality agreement including a CSSA-specific adaptation of the Traffic Light Protocol.

An important prerequisite for the efficient collaboration within CSSA is a secure, technical exchange platform to share indicators, observables and analyses among members. CSSA currently uses MISP as the main sharing interface and tool. Additionally, a STIX-TAXII-interface is provided.

The CSSA platform offers several reporting and data analytics features, including malware analysis. This functionality is constantly being evolved.



  • Managed and secure space for confidential exchange backed by strong statutes
  • Close and trustworthy network through limited number of highly committed member companies
  • Hands-on collaboration through active cooperation of experts
  • Fast access to threat intelligence through automated exchange on CSSA platform
  • Reporting and analytics tools and capacity provided by CSSA
  • Solid foundation of activities by continuous investment into CSSA resources


Do you have questions regarding CSSA?

Are you interested in a collaboration?

Then do not hesitate to contact us!