Developing a National Cybersecurity Threat Information Sharing Framework

Abstract

Cyber risks are increasing as industries undergo digital transformation. Therefore, employing advanced countermeasures to protect information assets against these risks is crucial. Cyber threat information sharing enables public, private, and government organisations to coordinate efforts to enhance national cybersecurity resilience. This is done by identifying, assessing, monitoring, and responding to newly discovered cyber threats. Allowing one organisation’s detection to become another’s prevention. Many developing and less developed countries in Africa, the Americas, Asia-Pacific, and the Arab states have not yet implemented national cybersecurity strategies and lack the necessary technologies to address cyber threats. Therefore, this study aims to promote cyber threat information sharing and facilitate the sharing of cyber threat information in developing countries. This thesis examines cyber threat information sharing practices in two case study countries: (i) Saudi Arabia and (ii) Australia. This thesis explores the challenges and benefits of cyber threat information sharing. It utilises them to successfully build a framework for implementing cyber threat information sharing in developing countries. This multiple case study approach investigates similarities and differences in cyber threat information sharing practices between a developed and a developing country to determine the optimal method for implementing cyber threat information sharing. This research presents a Multivocal Literature Review (MLR) to identify the barriers and incentives related to sharing cyber threat information. It then explores the most important factors for sharing cyber threat information in each case study country. This research conducts surveys with cybersecurity experts to determine critical success factors (CSFs) for cyber threat information sharing for each country. Then, the total interpretive structural modelling (TISM) technique was employed to build the relationships between the CSFs and develop a cyber threat information sharing model for each case study country. Finally, cybersecurity experts in the respective countries validated both developed models. The findings will be helpful for national authorities and cybersecurity professionals to successfully plan and implement effective national cyber threat information sharing practices. The developed TISM models can assist decision-makers in Saudi Arabia and Australia in implementing and improving current cyber threat information sharing practices.