Cyber security information sharing in the United States : an empirical study including risk management and control implications, 2000-2003
A tremendous amount of change in traditional business paradigms has occurred over the past decade through the development of Electronic Commerce and advancements in the field of Information Technology. As lesser-developed countries progress and become more prosperous, traditional 'first world' countries have migrated to become strong service-oriented economies (Asch, 2001). Supporting technologies have developed over the past decade which have exploited the benefits of the Internet and other information technologies. While Electronic Commerce continues to grow, there is a corresponding impact on computer software and individual privacy (Ghosh and Swaminatha, 2001). Recently, the U.S. National Institute of Standards and Technology (NIST) found that software bugs cost the U.S. economy approximately $59.5 billion, or 60% of the annual Gross Domestic Product (U.S. Department of Commerce, 2003). In addition, we have witnessed a rise in the strength and impact of Denial of Service and other types of computer attacks such as viruses, trojans, exploit scripts and probes/scans. Popular industry surveys such as the annual Federal Bureau of Investigation/Computer Security Institute survey (Gordon et al., 2006) confirm the growing threats in the Information Assurance field. In addition to these concerns, our increased reliance on Internet-enabled systems (Loudon and Loudon, 2000), E-Commerce systems and Information Technologies creates an integrated suite of risks which must be managed effectively across the public and private sectors (Backhouse et al., 2005, Ghosh and Swaminatha, 2001, Parker, 2001, Graf, 1995, Greenberg and Goldman, 1995). Previous research (Rumizen, 1998, Haver, 1998, Roulier, 1998) examined Inter-Organisational, Web Information Systems and Government Information Systems in order to assess how companies and other organisations can effectively design these information systems such that maximum benefits can be achieved for all participating organisations.
Furthermore, Davenport, Harris and Delong (2001) and Davenport (1999) explained that collaboration is central to the results of a knowledge management system in which open, non-political, non-competitive entities are involved in environments to achieve optimal individual and collective results. Before this memorable event, some related programmatic initiatives were already in process at that time. The United States government built upon its active leadership in the areas of computer security and information assurance when it launched a number of important efforts to manage information security threats. This was clearly evident when President Clinton made the U.S. National Infrastructure (NII) a major national priority in the 1990s. One critical development occurred in 1998, when the National Infrastructure Protection Centre was established to be the central point for gathering, analysing and disseminating critical cyber security information and built upon the previous success of the national Computer Emergency Response Team (CERT). Earlier research (Rich, 2001, Soo Hoo, 2000, Howard, 1997 and Landwehr, 1994) addressed various aspects of information security information and incident reporting. Also, Vatis (2001) addressed some research considerations in this area while investigating foreign network-centric and traditional warfare events, primarily through Denial of Service and Web Site Defacement attacks. However, areas for new exploration existed, especially as they related to U.S. critical infrastructure protection (Karestand, 2003, Vatis, 2001, U.S. General Accounting Office, 2000, Alexander and Swetham, 1999). Finally, Information and Network Centric Warfare (Arens and Rosenbloom, 2003, Davies, 2000, Denning and Baugh, 2000, and Schwartau, 1997) are increasing national security issues in the War on Terrorism and Homeland Security in general.