Information Sharing for CIP
This chapter describes and contrasts policy, economic theory, and insights concerning the establishment and operation of Information Exchanges (IE). In the context of this chapter, IEs are specific mechanisms meant to stimulate the exchange and sharing (aside from pure disclosure) of a range of confidential information relating to security between owner-operators of critical infrastructure. Information shared in IEs may be of varying types but is reported to generally be of a non-technical nature. In the Supervisory Control and Data Acquisition (SCADA) community, a number of nations have established IEs; for example, European SCADA and control systems exchange has been operating since 2005. The chapter primarily considers these issues through the perspective of efforts to address the security of the Critical Information Infrastructures (CII). Despite IEs being seen by policy-makers as important to tackle CIP issues, limited empirical operational evidence exists to suggest that IEs constitute a useful mechanism to successfully overcome the economic incentives governing the disclosure of information. The chapter concludes by identifying opportunities to further explore the disparities and reasons for the indicative disjuncture between economic theory, policy, and practice. The chapter is thus aimed primarily at managers, policy-makers, and non-technical personnel considering participation in an IE.