Scalable Security: Cyber Threat Information Sharing in the Internet Age

The federal government has attempted to foster cyber threat information sharing within U.S. critical infrastructure industries for at least 16 years. Such efforts have produced today’s complex constellation of threat analysis centers and sharing organizations in various industries and government agencies, but have brought inconsistent observed improvement in cybersecurity outcomes. Meanwhile, successful but limited sharing relationships have formed separately among private companies and individuals. Objections to information sharing that are raised in the literature and press fall into a limited number of categories, each of which can be refuted relatively easily; the problem is therefore better viewed as a problem of insufficient perceived benefits rather than prohibitive costs.

While history demonstrates that sharing is a powerful tool for addressing collective threats, new analysis is clearly needed to explain why effective cyber sharing seems so difficult to accomplish effectively.

The Computational Policy analytical approach defined herein brings the power of the abstractions used in computer systems design to bear on difficult policy problems, allowing new analytical insights to inform policy choices.

Using this approach and new understanding of the cybersecurity threat landscape, analyses of three archetypal sharing designs—the watch floor, social network, and high-volume data sharing models—are presented and aspects of the current system are questioned.

Cybersecurity programs centered on human analysis are at a disadvantage as networks continue to grow; approaches which harness the power of algorithmic thinking and ever-growing computational resources have better hope of succeeding in the Internet Age.