In recent months, ARC Advisory Group generated several reports that address opportunities for industrial asset owners and end users to share information and experiences with their peers. The common theme was a need to define specific objectives and manage how the information is shared. This is particularly important when sharing industrial cybersecurity-related information.
End users must overcome several potential barriers to such sharing, particularly with respect to revealing details of cybersecurity risks, incidents, and responses. Most companies consider this information to be sensitive and confidential and prefer to avoid revealing too much. The irony here is that the same companies that tend to be reluctant about sharing information about vulnerabilities, potential consequences, and incidents will often advocate strongly for more access to details about potential threats from government and other external sources.
Only by addressing these and other barriers will it be possible to promote more sharing. Rather than making decisions about what information may be shared and with whom on a case by case basis, asset owners should have broad policies that balance the benefits of sharing with the need for confidentiality.
From Awareness to Action
Cybersecurity remains a popular subject in the business, technical, and popular press. A steady stream of articles, editorials, and other commentary describe recent incidents and offer advice on possible responses. Awareness continues to grow with each new incident reported, but this is only the first step; increasing awareness of risk without also giving guidance about what can be done to address it leads to apprehension and frustration.
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Cybersecurity, Industrial Cybersecurity, Information Sharing, Barriers, Standards and Guidelines, ARC Advisory Group.