This white paper is the result of a series of discussions among insurers, chief information security officers (CISOs), and other cybersecurity professionals on perceived obstacles to the voluntary and anonymized sharing of cyber incident data into a trusted repository. These deliberations were conducted within the framework of the Cyber Incident Data and Analysis Working Group (CIDAWG) and facilitated by the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD). The CIDAWG’s findings build upon the ideas and recommendations contained in the group’s previous white papers:
- “Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: the Value Proposition for a Cyber Incident Data Repository,” published in June 2015; and
- “Enhancing Resilience Through Cyber Incident Data Sharing and Analysis: Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository,” published in September 2015.
This white paper: (1) identifies eight perceived obstacles to the voluntary sharing of cyber incident data; (2) describes ways in which each obstacle might manifest in terms of questions or concerns that repository participants might have; (3) suggests approaches to addressing those questions and concerns in order to overcome each obstacle; and (4) identifies possible stakeholders and subject matter experts who could help develop and implement those approaches.