Addressing the Barriers to Sharing Cybersecurity Information

Author photo: Eric Cosman
ByEric Cosman
Category:
ARC Report Abstract

Overview

In recent months, ARC Advisory Group generated several reports that address opportunities for industrial asset owners and end users to share information and experiences with their peers. The common theme was a need to define specific objectives and manage how the information is shared. This is particularly important when sharing industrial cybersecurity-related information.

Industrial Cybersecurity ecis.PNGEnd users must overcome several potential barriers to such sharing, particularly with respect to revealing details of cybersecurity risks, incidents, and responses.  Most companies consider this information to be sensitive and confidential and prefer to avoid revealing too much.  The irony here is that the same companies that tend to be reluctant about sharing information about vulnerabilities, potential consequences, and incidents will often advocate strongly for more access to details about potential threats from government and other external sources.

Only by addressing these and other barriers will it be possible to promote more sharing.  Rather than making decisions about what information may be shared and with whom on a case by case basis, asset owners should have broad policies that balance the benefits of sharing with the need for confidentiality.

From Awareness to Action

Cybersecurity remains a popular subject in the business, technical, and popular press. A steady stream of articles, editorials, and other commentary describe recent incidents and offer advice on possible responses.  Awareness continues to grow with each new incident reported, but this is only the first step; increasing awareness of risk without also giving guidance about what can be done to address it leads to apprehension and frustration.

ARC Advisory Group clients can view the complete report at ARC Main Client Portal or at ARC Office 365 Client Portal

If you would like to buy this report or obtain information about how to become a client, please Contact Us  

Keywords: Cybersecurity, Industrial Cybersecurity, Information Sharing, Barriers, Standards and Guidelines, ARC Advisory Group.

 

Engage with ARC Advisory Group

Representative End User Clients
Representative Automation Clients
Representative Software Clients