The theory behind cybersecurity information sharing is clear and uncontroversial, even if the details of what to share, how best to do it and who to share with may sometimes result in debate and disagreement. The theory goes that organizations are better off sharing information and improving situational awareness than trying to recognize and face cyber threats and challenges on their own. Some collective and coordinated efforts can help to identify, learn about and fend off threats and would-be attackers—as compared to acting individually with less information and situational awareness. That is also a reason why armies gather intelligence, where feasible, before going to battle.
Sharing information about cyber threats, incidents and vulnerabilities has some similarities to the concepts of a “neighborhood watch.” For both, the idea is to observe, gather and share information—including about the tactics, techniques and procedures (TTPs) of attackers—to enable targets to recognize threats and defend better, reducing the likelihood that those attacks and attackers will succeed. In economic terms, we are seeking in part to raise the costs to attackers by using information…
