Metrics for Measuring the Efficacy of Critical-Infrastructure-Centric Cybersecurity Information Sharing Efforts
57 Pages. Posted: 17 Jan 2013
Date Written: November 15, 2012
Efforts to secure and defend public- and private-sector cyber systems rely in part on information sharing. Information sharing strengthens the nation’s cybersecurity posture by allowing participating entities to have the broadest possible understanding of the tactics, techniques, and procedures of cyber threat actors and the vulnerabilities of cyber systems. Armed with this understanding, cyber defenders can better deter, prevent, disrupt, and recover from malicious cyber activity. Cybersecurity information sharing occurs in various fora in the public and private sectors. Within the Department of Homeland Security, the Office of Cybersecurity and Communications (CS&C) facilitates the sharing of actionable raw indicators and finished analytic products among entities in critical infrastructure sectors and the federal government. To ensure that such critical-infrastructure-centric cybersecurity information sharing efforts succeed in their missions, CS&C asked the Homeland Security Studies and Analysis Institute to develop a holistic, theory-driven suite of performance-measurement metrics. Taken together, metrics within this suite can serve to suggest whether efforts are 1) functioning as anticipated; and 2) having the desired impact. This paper presents the suite of metrics and associated findings of the research, including its theoretical foundations. Guided by first principles and literature on information, information theory, decision theory, and uncertainty (as well as best practices in performance measurement), the paper recommends using a suite of metrics that measure various relevant inputs, processes, outputs, and outcomes of critical-infrastructure-centric cybersecurity information sharing efforts.