The groundswell of available data and computation power to learn from data has produced advanced automation across many domains, but cybersecurity has lagged behind these trends. Cybersecurity data sharing comes primarily in the form of indicators of compromise (IoCs) that describe patterns or artifacts that have already been classified as associated with malicious activity. Identifying malicious activity and distilling one or more IoCs from it, however, is often a manual process that is slowed and/or degraded by the siloed viewpoints of different organizations. This project's broader significance and importance lie in pioneering a new approach to organizational data sharing that prioritizes support for targeted queries on the operational states of other organizations to overcome these siloed viewpoints. This project's novelties lie in identifying opportunities for organizations to diagnose events by posing and responding to such queries and in developing technologies to do so, while simultaneously protecting operational privacy for the organizations. The technical core of this project is a new approach to intrusion detection enabled by cross-organization queries, supported by specialized cryptographic protocols to pose queries and receive responses in a way that minimizes collateral leakage. The project also contributes novel mechanisms to motivate participation in these data exchanges, and to prioritize the partners to which queries should be posed to receive the highest-q