Information Sharing in Cybersecurity: A Review

Abstract

In this survey, we review the cybersecurity information-sharing literature, categorizing the identified papers based on their main focus and methodological approaches implemented to the cybersecurity information-sharing problem. We constitute our research framework on the major considerations of firms, governments, citizens, and adversaries. This includes actors involved, types of information to be shared, current legal baseline, information-sharing organizations/policies/architectures, benefits of sharing, and concerns/costs/barriers of sharing. We observe that both qualitative and quantitative approaches are implemented in the literature. In general, quantitative approaches have been dedicated to discuss the challenges and barriers of public/private collaboration in information sharing, such as privacy and liability, and to propose secure and effective sharing mechanisms. On the other hand, quantitative approaches have been more interested in developing models that balance cybersecurity investment and information sharing as well as provide effective incentive mechanisms. This review summarizes the academic efforts in cybersecurity information sharing by analyzing 82 identified papers with their methodological approaches. The papers using game-theoretical models are dominant in the literature as we spend more time summarizing those efforts. We conclude the review by providing potential research gaps and future research directions.