Cybersecurity Information Sharing

The Oxford Handbook of Cyber Security Pub Date : 2021-11-04 DOI:10.1093/oxfordhb/9780198800682.013.55

Stuart Murdoch

{"title":"Cybersecurity Information Sharing","authors":"Stuart Murdoch","doi":"10.1093/oxfordhb/9780198800682.013.55","DOIUrl":null,"url":null,"abstract":"This chapter considers the impact on cyber security of a shift from voluntary coordination to mandatory incident reporting. It traces the efforts to organize collaboration for cyber security incident response back to its voluntary beginnings with the establishment of CERT/CC by DARPA in response to the Morris Worm in 1988, via the establishment of ISACs then ISAOs under successive US presidents, to the CiSP in the UK following the London 2012 Olympics. Recognizing efforts to standardize and automate information sharing, the discussion touches on how information sharing has come to form the basis of national cyber strategies, forming a foundational element of internationally recognized maturity models for those strategies, and it goes on to consider the increasing move towards more mandatory incident reporting, especially in Critical National Infrastructure sectors across the globe, from the Defence Industrial Base in the United States to the NISD throughout the European Union. It considers the impact of mandating reporting on levels of collaboration overall, concluding that regulators must be careful not to create sector-specific silos or undermine existing levels of voluntary sharing through their enforcement of such mandatory schemes.","PeriodicalId":336846,"journal":{"name":"The Oxford Handbook of Cyber Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Oxford Handbook of Cyber Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/oxfordhb/9780198800682.013.55","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

This chapter considers the impact on cyber security of a shift from voluntary coordination to mandatory incident reporting. It traces the efforts to organize collaboration for cyber security incident response back to its voluntary beginnings with the establishment of CERT/CC by DARPA in response to the Morris Worm in 1988, via the establishment of ISACs then ISAOs under successive US presidents, to the CiSP in the UK following the London 2012 Olympics. Recognizing efforts to standardize and automate information sharing, the discussion touches on how information sharing has come to form the basis of national cyber strategies, forming a foundational element of internationally recognized maturity models for those strategies, and it goes on to consider the increasing move towards more mandatory incident reporting, especially in Critical National Infrastructure sectors across the globe, from the Defence Industrial Base in the United States to the NISD throughout the European Union. It considers the impact of mandating reporting on levels of collaboration overall, concluding that regulators must be careful not to create sector-specific silos or undermine existing levels of voluntary sharing through their enforcement of such mandatory schemes.

查看原文本刊更多论文

网络安全信息共享

本章考虑从自愿协调到强制性事件报告的转变对网络安全的影响。它将组织网络安全事件响应合作的努力追溯到DARPA在1988年莫里斯蠕虫事件后自愿建立的CERT/CC，通过在历届美国总统领导下建立isac和ISAOs，到2012年伦敦奥运会后在英国建立的CiSP。认识到信息共享标准化和自动化的努力，讨论涉及信息共享如何形成国家网络战略的基础，形成国际公认的成熟度模型的基本要素，并继续考虑越来越多的强制性事件报告，特别是在全球关键的国家基础设施部门。从美国的国防工业基地到整个欧盟的NISD。它考虑了强制报告对整体合作水平的影响，得出的结论是，监管机构必须小心，不要通过执行此类强制性计划来创建特定行业的孤岛或破坏现有的自愿共享水平。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The Oxford Handbook of Cyber Security

自引率

0.00%

发文量