Efficient collective action for tackling time-critical cybersecurity threats-Reference-Cited by-同舟云学术

Efficient collective action for tackling time-critical cybersecurity threats

Published:2023-01-01 Issue:1 Volume:9 Page:
ISSN:2057-2085
Container-title:Journal of Cybersecurity
language:en
Short-container-title:

Author:

Gillard Sébastien¹²^ORCID,Percia David Dimitri¹³⁴^ORCID,Mermoud Alain³^ORCID,Maillart Thomas¹⁵^ORCID

Affiliation:

1. Information Science Institute, Geneva School of Economics & Management, University of Geneva , Boulevard du Pont-d’Arve 40, 1211 Geneva , Switzerland

2. Chair of Defense Economics, Military Academy at ETH Zurich , Kaserne Reppischtal, 8903 Birmensdorf , Switzerland

3. Cyber-Defence Campus, armasuisse Science and Technology , Feuerwerkstrasse 39, 3602 Thun , Switzerland

4. Institute of Entrepreneurship & Management, University of Applied Sciences of Western Switzerland (HES-SO Valais-Wallis) , Techno-Pôle 1, Le Foyer, 3960 Sierre , Switzerland

5. Citizen Cyber Lab, University of Geneva , Avenue de Sécheron 15, 1202 Geneva , Switzerland

Abstract

Abstract The latency reduction between the discovery of vulnerabilities, the build-up, and the dissemination of cyberattacks has put significant pressure on cybersecurity professionals. For that, security researchers have increasingly resorted to collective action in order to reduce the time needed to characterize and tame outstanding threats. Here, we investigate how joining and contribution dynamics on Malware Information Sharing Platform (MISP), an open-source threat intelligence sharing platform, influence the time needed to collectively complete threat descriptions. We find that performance, defined as the capacity to characterize quickly a threat event, is influenced by (i) its own complexity (negatively), by (ii) collective action (positively), and by (iii) learning, information integration, and modularity (positively). Our results inform on how collective action can be organized at scale and in a modular way to overcome a large number of time-critical tasks, such as cybersecurity threats.

Funder

Military Academy

Publisher

Oxford University Press (OUP)

Subject

Law,Computer Networks and Communications,Political Science and International Relations,Safety, Risk, Reliability and Quality,Social Psychology,Computer Science (miscellaneous)

Link

https://academic.oup.com/cybersecurity/article-pdf/9/1/tyad021/52980726/tyad021.pdf

Reference76 articles.

1. Cybersecurity information sharing: analysing an email corpus of coordinated vulnerability disclosure;Sridhar,2021

2. The economic incentives for sharing security information;Gal-Or;Inf Syst Res,2005

3. Given enough eyeballs, all bugs are shallow? Revisiting Eric Raymond with bug bounty programs;Maillart;J Cybersecur,2017

4. Hacking for good: leveraging HackerOne data to develop an economic model of bug bounties;Sridhar;J Cybersecur,2021

5. Back to the roots: information sharing economics and what we can learn for security;Böhme,2016

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Understanding enterprise cybersecurity information sharing: a theoretical model and empirical analysis;Enterprise Information Systems;2024-01-31

2. Building Collaborative Cybersecurity for Critical Infrastructure Protection: Empirical Evidence of Collective Intelligence Information Sharing Dynamics on ThreatFox;Critical Information Infrastructures Security;2023

3. Trends in Open Source Software for Data Protection and Encryption Technologies;Trends in Data Protection and Encryption Technologies;2023

4. Improving the Effectiveness of Cyberdefense Measures;International Series in Operations Research & Management Science;2023