Citation[]
European Network and Information Security Agency, Incentives and Challenges for Cyber Security Information Sharing (Sept. 10, 2010) (full-text).
Overview[]
This study analyzes the barriers to and incentives for information sharing in the field of Critical Information Infrastructure Protection (CIIP). Findings indicate that many of the barriers and incentives commonly identified in the available literature are of relatively low importance to security officials working in Information Exchanges (IEs).
According to the study the most important are:
- Economic incentives stemming from cost savings;
- Incentives stemming from the quality, value, and use of information shared;
- As most important barriers were identified:
- Poor quality of information;
- Misaligned economic incentives stemming from reputational risks;
- Poor management.
The report provides specific recommendations for both public decision-makers and private sector stakeholders.
- The European Institutions and ENISA as EU body are called upon to play an active role in developing a European information sharing platform, and to encourage participation of Member States and relevant private stakeholders including existing national platforms.
- Member States are called upon to establish a national information sharing platform, to ensure the legal framework is conducive to information sharing, and to co-operate with other Member States.
- The private sector is encouraged to be more transparent and share information responsibly, use information sharing to improve security voluntarily in order to avoid regulatory interest and strong regulatory action which might be counter-productive.
- Academia and research could work to identify, describe, and quantify the benefits and costs of participating in such platforms, undertaking case-study research into instances where attacks might have been prevented, or their impact lessened.