Incentives and Challenges for Cyber Security Information Sharing

Citation
ENISA, Incentives and Challenges for Cyber Security Information Sharing (Sept. 10, 2010) (full-text).

Overview
In 2010, ENISA worked on an analysis of barriers to and incentives for information sharing in the field of Critical Information Infrastructure Protection (CIIP). Findings indicate that many of the barriers and incentives commonly identified in the available literature are of relatively low importance to security officials working in Information Exchanges (IEs).

According to the study the most important are:

Economic incentives stemming from cost savings; Incentives stemming from the quality, value, and use of information shared; As most important barriers were identified: Poor quality of information; Misaligned economic incentives stemming from reputational risks; Poor management.

The report provides specific recommendations for both public decision-makers and private sector stakeholders.

The European Institutions and ENISA as EU body are called upon to play an active role in developing a European information sharing platform, and to encourage participation of Member States and relevant private stakeholders including existing national platforms. Member States are called upon to establish a national information sharing platform, to ensure the legal framework is conducive to information sharing, and to co-operate with other Member States. The private sector is encouraged to be more transparent and share information responsibly, use information sharing to improve security voluntarily in order to avoid regulatory interest and strong regulatory action which might be counter-productive. Academia and research could work to identify, describe, and quantify the benefits and costs of participating in such platforms,undertaking case-study research into instances where attacks might have been prevented, or their impact lessened.