Defending Critical Infrastructures Against Cyber Attacks: Cooperation through Data-Exchange Infrastructure and Advanced Data Analytics

Abstract

In the United States government, executive and legislative branches have taken several steps to outline a new initiative for cyber security and information sharing. For instance, section four of the Executive Order — Improving Critical Infrastructure Cyber Security (2013) stipulates that ‘it is the policy of the United States Government to increase the volume, timeliness, and quality of cyber security information shared with US private sector entities so that these entities may better protect and defend themselves against cyber threats.’¹ More precisely, the federal government, through the Department of Justice (DoJ), Department of Homeland Security (DHS), and the Director of National Intelligence (DNI), has issued directives to promote the timely production and release of unclassified reports on cyber threats to the United States. Also, the executive order calls for the development of a Cyber Security Framework, which should include ‘a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.’² As a part of the Cyber Security Framework, DHS is required to establish a voluntary program to support the adoption of the framework by owners and operators of critical infrastructure. DHS has also been mandated to establish a set of incentives in order to promote participation of the private sector in the voluntary program.