Enhancing Resilience through Cyber Incident Data Sharing and Analysis
Abstract
This document outlines the benefits of a trusted cyber incident data repository that enterprise risk owners and insurers could use to anonymously share sensitive cyber incident data and is the first in a series of white papers. This paper outlines the potential benefits of a trusted cyber incident data repository that enterprise risk owners and insurers could use to anonymously share, store, aggregate, and analyze sensitive cyber incident data. Optimally, such a repository could enable a novel information sharing capability among the Federal government, enterprise risk owners, and insurers that increases shared awareness about current and historical cyber risk conditions and helps identify longer-term cyber risk trends. This information sharing approach could help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity insurance offerings. Rooted in rich repository data, new analytics products could help inform more effective private and public sector investment in these complementary cyber risk management categories. Specifically, such products could help promote greater understanding about the financial and operational impacts of cyber events, the effectiveness of existing cyber risk controls in addressing them, and the new kinds of products and services that cybersecurity solutions providers should develop to meet the evolving risk mitigation needs of their customers. These developments, in turn, could help drive the critical infrastructure protection and national resilience goals outlined in White House Executive Orders 13636 and 13691 and advance the risk-based approach of the National Institute of Standards and Technology's (NIST) Cybersecurity Framework. 
To develop the repository concept more fully – and to assess the challenges and opportunities that the concept entails – the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD) established the Cyber Incident Data and Analysis Working Group (CIDAWG) under Critical Infrastructure Partnership Advisory Council (CIPAC) auspices. The CIDAWG aims to generate key findings and conclusions about the following issues: (1) the value proposition of a repository; (2) the type and scope of non-personally identifiable cyber incident data that should be shared into a repository; (3) how repository participation should be incentivized; and (4) how a repository should be structured. The CIDAWG is comprised of cyber risk mitigation experts (chief information security officers (CISOs), cybersecurity solutions providers, and other cybersecurity professionals), cyber risk transfer experts (insurers), and other cybersecurity subject matter experts from the academic and scientific communities. During the first stage of their work, the CIDAWG participants agreed that …