摘要:This paper extends the literature on the economics of sharing cybersecurity information by and among profit-seeking firms by modeling the case where a government agency or department publicly shares unclassified cyber threat information with all organizations. In prior cybersecurity information sharing models a common element was reciprocity—i.e., firms receiving shared information are also asked to share their private cybersecurity information with all other firms (via an information sharing arrangement). In contrast, sharing of unclassified cyber threat intelligence (CTI) by a government agency or department is not based on reciprocal sharing by the recipient organizations. After considering the government’s cost of preparing and disseminating CTI, as well as the benefits to the recipients of the CTI, we provide sufficient conditions for sharing of CTI to result in an increase in social welfare. Under a broad set of general conditions, sharing of CTI will increase social welfare gross of the costs to the government agency or department sharing the information. Thus, if the entity can keep the sharing costs low, sharing cybersecurity information will result in an increase in net social welfare.
关键词:Cyber Threat IntelligenceEconomics of Information Sharing