Evaluating the Impact of Cybersecurity Information Sharing on Cyber Incidents and Their Consequences

36 Pages Posted: 2 Apr 2014

See all articles by Matthew Fleming

Matthew Fleming

Homeland Security Studies and Analysis Institute; Georgetown University

Eric Goldstein

Homeland Security Studies and Analysis Institute

John K Roman

The Urban Institute

Date Written: March 31, 2014

Abstract

The Department of Homeland Security (DHS) facilitates cybersecurity information sharing among federal government departments and agencies and critical infrastructure owners and operators to promote their security. Information sharing is deemed of critical importance to accomplish the department’s cybersecurity mission; indeed, information sharing is one of the central planks of Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which calls for greater cybersecurity information sharing between the government — not least DHS — and the private sector. But while the importance of information sharing in cybersecurity is intuitive — information that is relevant, timely, and accurate should help cyber defenders reduce vulnerabilities and mitigate threats — the impact of information sharing has not been empirically assessed. The lack of empirical support for information sharing raises two notable issues. First, information-sharing partners, particularly those in the private sector, are sometimes reluctant to participate in government-sponsored initiatives because of concerns about liability, resource costs, and return on investment. Absent empirical demonstration of the value of cybersecurity information-sharing efforts, DHS may be unable to better incentivize participation. Second, information-sharing efforts may, for a variety of reasons, be ineffective (not least due to a lack of participation or the dissemination of irrelevant information). Without assessing the relationship between information sharing and the number and severity (i.e., consequences) of cyber incidents, DHS may be unable to identify and improve poorly performing information sharing efforts. A previous Homeland Security Studies and Analysis Institute (HSSAI) study recommended a suite of metrics to measure various relevant inputs, processes, outputs, and outcomes for cyber information-sharing efforts (Fleming and Goldstein 2012). It did not, however, seek to suggest ways to empirically test the hypothesis that information sharing reduces the number or severity of cyber incidents (it was assumed to do so, per DHS guidance). Accordingly, building on the previous HSSAI research, the present paper sets forth views on use of the dependent variable (some measure of cyber incidents), primary independent variable (some measure of information sharing), control variables, and model specifications.

Keywords: information sharing, cybersecurity, homeland security, DHS

Suggested Citation

Fleming, Matthew and Goldstein, Eric and Roman, John, Evaluating the Impact of Cybersecurity Information Sharing on Cyber Incidents and Their Consequences (March 31, 2014). Available at SSRN: https://ssrn.com/abstract=2418357 or http://dx.doi.org/10.2139/ssrn.2418357

Matthew Fleming (Contact Author)

Homeland Security Studies and Analysis Institute ( email )

5275 Leesburg Pike
Suite N-5000
Falls Church, VA 22041
United States

Georgetown University

Washington, DC 20057
United States

Eric Goldstein

Homeland Security Studies and Analysis Institute ( email )

5275 Leesburg Pike
Suite N-5000
Falls Church, VA 22041
United States

John Roman

The Urban Institute ( email )

2100 M Street, NW
Washington, DC 20037
United States

Do you want regular updates from SSRN on Twitter?

Paper statistics

Downloads
476
Abstract Views
2,384
rank
83,067
PlumX Metrics