Facilitating collaborative information sharing for community cyber security

At the time that the reliance of communities on critical cyber infrastructures is growing, they are also becoming more vulnerable to cyber attacks. Generally, a community consists of all of the entities within a geographical region. This includes both public and private infrastructures, including finance, utilities, health care and other important sectors. Cyber attacks and other cyber threats can cause disastrous impacts in a community, especially for a coordinated attack targeting multiple critical infrastructures in the community simultaneously. For this reason, collaborative information sharing among different sectors is becoming important, and necessary to community cyber security. Many cyber threats are difficult to detect and identify by a single organization. Collaborative information sharing can help a community detect potential risks, prevent cyber attacks at an early stage, and facilitate incident response as well as preparedness activities within a community. This research seeks to design an effective information collecting, sharing and incident collaboration and coordination process specifically designed for community cyber security. In this research, the information sharing requirements are discussed and guidance on the types of information needing to be shared is provided. A collaborative information sharing framework and a policy model that aim to improve community cyber security are proposed. The policy model is represented in formal specifications at high level, thus it enables enough flexibility for enforcement and implementation in various communities. Techniques and tools that can be used in collaborative information sharing are studied and discussed. An Information Sharing Maturity Model for community cyber security is developed as a roadmap with evolutionary procedures and incremental steps for community organizations to advance in information sharing maturity. To illustrate, examples of cyber events and information sharing that might take place in a community from maturity level 1 to level 3 are presented providing a more detailed evolution process. This research was presented to security leaders at the state and community levels to obtain initial feedback on its acceptability and feasibility.