Information Sharing and Trust Between Sharing Parties: Sharing Sensitive Information With Regards to Critical Information Infrastructure Protection

Sharing sensitive, mission critical information between organisations and individuals in a secure and anonymous way is very difficult and very few effective methods and techniques exist which accomplish this task. The field of critical information infrastructure (CII) and the protection thereof is very young and requires further study and development. Cyber-attacks have been on the rise and the need for sensitive, mission critical information to be shared is of vital importance in order to protect a nation's CII. There do however exist many problems and barriers to the sharing of this sensitive, mission critical information and the sharing and privacy of this information thereof. Sensitive information such as that of viruses/attack patterns and virus signatures should be shared among the cyber community in order to increase the knowledge of the wider audience and capture the attention of companies who could be victims to similar attacks thereby helping the owners of CII to protect their infrastructure better. A solution to this problem would consist of a trusted community where a trusted, sharing centre would be established where information could be sent, analysed and distributed. A mechanism such as a software program would be put in place at both the sender and receiver's organisations and would allow these participants to send and receive this sensitive, mission critical information. This paper aims to discuss the current landscape of cyber-security information sharing, barriers to this information sharing, the current technical methods that exists in order to share sensitive information between private organizations or individuals, to create a new model and software tool for sharing sensitive information between private and public organizations in the field of CII protection, and to further the field of critical information infrastructure protection.