research-article

Barriers and Incentives to Cybersecurity Threat Information Sharing in Developing Countries: A Case Study of Saudi Arabia

Authors:

Waleed Alkalabi,

Leonie Simpson,

Hasmukh MorarjiAuthors Info & Claims

ACSW '21: Proceedings of the 2021 Australasian Computer Science Week Multiconference

Article No.: 2, Pages 1 - 8

https://doi.org/10.1145/3437378.3437391

Published: 01 February 2021 Publication History

Abstract

Threat information sharing practices have the potential to improve cyber security. However, participation in sharing communities is not widely adopted. The existing literature finds a variety of benefits and challenges that either promote or deter organisations from engaging in such practices. Many of these findings relate to developed countries. A gap exists between developed and developing countries in terms of cyber threat information sharing. In this paper, we describe a case study to identify the barriers and incentives for implementing threat information sharing in a developing country: Saudi Arabia. Our results offer insight into the successful implementation of threat information sharing initiatives in Saudi Arabia, showing that socio-cultural barriers and technological incentives for sharing threat information are important factors. Our survey tool can be applied in other countries both developed and developing.

References

[1]

Oosthoek, Kris and Doerr, Christian, 2020. Cyber Threat Intelligence: A Product Without a Process? International Journal of Intelligence Counter Intelligence, 1-16.

[2]

Skopik, Florian, 2017. Collaborative Cyber Threat Intelligence : Detecting and Responding to Advanced Cyber Attacks at the National Level. Auerbach Publications, Milton.

[3]

Johnson, Chris, Badger, Lee, Waltermire, David, Snyder, Julie, and Skorupka, Clem, 2016. NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing. NIST.

[4]

Tosh, Deepak K., Shetty, Sachin, Sengupta, Shamik, Kesan, Jay P., and Kamhoua, Charles A., 2017. Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance Springer International Publishing, Cham, 154-164.

[5]

Bakis, Bruce and Wang, Edward, 2017. Building a National Cyber Information-Sharing Ecosystem. MITRE.

[6]

Ring, Tim, 2014. Threat intelligence: why people don't share 2014, 3, 5-9.

[7]

Eichensehr, Kristen E, 2016. Public-private cybersecurity 95, 467.

[8]

Gilbert, Connor, Hellman, Martin E, and Berson, Thomas A, 2014. Scalable security: Cyber threat information sharing.

[9]

Bossong, Raphael and Wagner, Ben, 2017. A typology of cybersecurity and public-private partnerships in the context of the EU. Crime, Law and Social Change 67, 3, 265-288.

[10]

Hulme, George V., 2017. Tackling cybersecurity threat information sharing challenges CSO.

[11]

Abu, Md Sahrom, Selamat, Siti Rahayu, Ariffin, Aswami, and Yusof, Robiah, 2018. Cyber threat intelligence–issue and challenges 10, 1, 371-379.

[12]

Koepke, Priscilla, 2017. Cybersecurity Information Sharing Incentives and Barriers. In Cybersecurity Interdisciplinary Systems Laboratory (CISL)Massachusetts Institute of Technology (MIT), Cambridge, MA (USA).

[13]

CSRIC, 2016. Reliability and Interoperability Council V Cybersecurity Information Sharing Working Group Barriers Report The Communications Security, Reliability and Interoperability Council V.

[14]

Maisikeli, Sayyed, 2020. UAE Cybersecurity Perception and Risk Assessments Compared to Other Developed Nations. In 2020 3rd International Conference on Information and Computer Technologies (ICICT) IEEE, 432-439.

[15]

Mutemwa, Muyowa, Mtsweni, Jabu, and Mkhonto, Njabulo, 2017. Developing a cyber threat intelligence sharing platform for South African organisations. In 2017 Conference on Information Communication Technology and Society (ICTAS) IEEE, 1-6.

[16]

ITU, 2018. Global Cybersecurity Index (GCI) 2018. ITU Publications.

[17]

Kshetri, Nir, 2019. Cybercrime and Cybersecurity in Africa. Journal of Global Information Technology Management 22, 2 (Apr 3), 77-81. DOI= http://dx.doi.org/10.1080/1097198X.2019.1603527.

[18]

Pawlak, Patryk and Barmpaliou, Panagiota-Nayia, 2017. Politics of cybersecurity capacity building: conundrum and opportunity. Journal of Cyber Policy 2, 1, 123-144. DOI= http://dx.doi.org/10.1080/23738871.2017.1294610.

[19]

Kabanda, Salah, Tanner, Maureen, and Kent, Cameron, 2018. Exploring SME cybersecurity practices in developing countries. Journal of Organizational Computing and Electronic Commerce 28, 3, 269-282. DOI= http://dx.doi.org/10.1080/10919392.2018.1484598.

[20]

Bada, Maria and Nurse, Jason, 2019. Developing cybersecurity education and awareness programmes for small-and medium-sized enterprises (SMEs). Information and Computer Security 27, 3 (Jul 8), 393-410. DOI= http://dx.doi.org/10.1108/Ics-07-2018-0080.

[21]

Muller, Lilly Pijnenburg, 2015. Cyber security capacity building in developing countries: challenges and opportunities.

[22]

Wanglai, Gao, 2018. BRICS cybersecurity cooperation: Achievements and deepening paths 68, 124.

[23]

Garousi, Vahid, Felderer, Michael, and Mäntylä, Mika, 2019. Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Information and Software Technology 106 (Feb), 101-121. DOI= http://dx.doi.org/10.1016/j.infsof.2018.09.006.

[24]

Gong, Nicole, 2019. Barriers to Adopting Interoperability Standards for Cyber Threat Intelligence Sharing: An Exploratory Study Springer International Publishing, Cham, 666-684.

[25]

Zibak, Adam and Simpson, Andrew, 2019. Cyber threat information sharing: Perceived benefits and barriers. In Proceedings of the 14th International Conference on Availability, Reliability and Security, 1-9.

Digital Library

[26]

Duguay, Raphael, 2020. Challenges and Opportunities for Sharing Threat Information with Radioactive Materials Operators 6, 1, 8.

[27]

ENISA, 2015. Incentives and Challenges for Information Sharing in the Context of Network and Information Security. In ENISA.

[28]

Waqas, Muhammad, Dong, Qian-li, Ahmad, Naveed, Zhu, Yuming, and Nadeem, Muhammad, 2018. Critical barriers to implementation of reverse logistics in the manufacturing industry: a case study of a developing country. Sustainability 10, 11 (Nov), 4202. DOI= http://dx.doi.org/ARTN 4202

[29]

Moher, David, Liberati, Alessandro, Tetzlaff, Jennifer, and Altman, Douglas G, 2009. Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement. PLoS medicine 6, 7, e1000097.

[30]

Auger, Peter, 2017. Information sources in grey literature. Walter de Gruyter GmbH & co KG.

[31]

Levene, Howard, 1960. Contributions to probability and statistics, 278-292.

[32]

Shapiro, Samuel Sanford and Wilk, Martin B, 1965. An analysis of variance test for normality (complete samples). Biometrika 52, 3/4, 591-611. DOI= http://dx.doi.org/Doi 10.2307/2333709.

[33]

Mermoud, Alain, Keupp, Marcus Matthias, Ghernaouti, Solange, and Percia David, Dimitri, 2017. Using Incentives to Foster Security Information Sharing and Cooperation: A General Theory and Application to Critical Infrastructure Protection. In Critical Information Infrastructures Security, G. HAVARNEANU, R. SETOLA, H. NASSOPOULOS and S. WOLTHUSEN Eds. Springer International Publishing, Cham, 150-162.

[34]

Quintana, Frankie, 2016. Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing Nation, G. MORGAN, D. SICKER, L. CRANOR and D. THOMPSON Eds. ProQuest Dissertations Publishing.

[35]

Vigliarolo, Brandon, 2017. NIST Cybersecurity Framework: A cheat sheet for professionals.

[36]

Skopik, Florian, Settanni, Giuseppe, and Fiedler, Roman, 2016. A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. COMPUTERS & SECURITY 60 (Jul), 154-176. DOI= http://dx.doi.org/10.1016/j.cose.2016.04.003.

Digital Library

[37]

Laube, Stefan, B, Rainer, #246, and hme, 2017. Strategic Aspects of Cyber Risk Information Sharing. ACM Comput. Surv. 50, 5, 1-36. DOI= http://dx.doi.org/10.1145/3124398.

Digital Library

[38]

Christou, George, 2017. The EU's Approach to Cybersecurity.

[39]

Skopik, F., Wurzenberger, M., Settanni, G., and Fiedler, R., 2015. Establishing national cyber situational awareness through incident information clustering. In2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1-8. DOI= http://dx.doi.org/10.1109/CyberSA.2015.7166126.

[40]

ENISA, 2013. Solutions for Improving Threat Data Exchange among CERTs.

[41]

Fedorowicz, Jane, Gogan, Janis L., and Culnan, Mary J., 2010. Barriers to Interorganizational Information Sharing in e-Government: A Stakeholder Analysis. The Information Society 26, 5, 315-329. DOI= http://dx.doi.org/10.1080/01972243.2010.511556.

Digital Library

[42]

Harwood, Deanne, 2014. Barriers to cyber information sharing Naval Postgraduate School, California.

[43]

Zwilling, Moti, Klien, Galit, Lesjak, Dušan, Wiechetek, Łukasz, Cetin, Fatih, and Basim, Hamdullah Nejat, 2020. Cyber Security Awareness, Knowledge and Behavior: A Comparative Study. Journal of Computer Information Systems (Feb 16), 1-16. DOI= http://dx.doi.org/10.1080/08874417.2020.1712269.

[44]

Lewis, James, 2016. Advanced Experiences in Cybersecurity Policies and Practices: An Overview of Estonia, Israel, South Korea, and the United States. Inter-American Devlopment Bank.

[45]

Kapellmann, Daniel and Washburn, Rhyner, 2019. Call to action: Mobilizing community discussion to improve information-sharing about vulnerabilities in industrial control systems and critical infrastructure. In 2019 11th International Conference on Cyber Conflict (CyCon) IEEE, 1-23.

[46]

Kampanakis, Panos, 2014. Security automation and threat information-sharing options. IEEE Security & Privacy 12, 5 (Sep-Oct), 42-51. DOI= http://dx.doi.org/Doi 10.1109/Msp.2014.99.

[47]

Zheng, Denise and Lewis, James, 2015. Cyber threat information sharing Recommendations for Congress and the Administration. In Center for Strategic and International Studies (CSIS) Center for Strategic and International Studies (CSIS), USA.

[48]

Hendry, Justin, 2019. ACSC to replace cyber threat sharing platform. IT NEWS.

[49]

Jasper, Scott, 2017. US cyber threat intelligence sharing frameworks. International Journal of Intelligence and CounterIntelligence 30, 1, 53-65.

[50]

Alsmadi, Izzat, 2019. The NICE Cyber Security Framework Cyber Security Intelligence and Analytics. Springer International Publishing, Cham.

[51]

Pham, Hiep Cong, Nguyen, Thanh-Thuy, Mcdonald, Scott, and Tran-Kieu, Nhu Quynh, 2019. Information Sharing in Logistics Firms: An Exploratory Study of theVietnamese Logistics Sector. The Asian Journal of Shipping Logistics 35, 2, 87-95.

[52]

ENISA, 2017. Exploring the opportunities and limitations of current Threat Intelligence Platforms.

[53]

Nweke, Livinus Obiora and Wolthusen, Stephen, 2020. Legal Issues Related to Cyber Threat Information Sharing Among Private Entities for Critical Infrastructure Protection. In 2020 12th International Conference on Cyber Conflict (CyCon) IEEE, 63-78.

[54]

ENISA, 2015. Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches, ENISA Ed. ENISA.

[55]

Albakri, Adham, Boiten, Eerke, and De Lemos, Rogério, 2019. Sharing Cyber Threat Intelligence Under the General Data Protection Regulation. In Annual Privacy Forum Springer, 28-41.

[56]

Jasper, Scott E., 2017. U.S. Cyber Threat Intelligence Sharing Frameworks. International Journal of Intelligence and CounterIntelligence 30, 1, 53-65. DOI= http://dx.doi.org/10.1080/08850607.2016.1230701.

[57]

Enisa, 2016. NCSS Good Practice Guide.

[58]

Rosenzweig, Paul Rosenzweig and Inserra, David, 2014. Cybersecurity Information Sharing: One Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace The Heritage Foundation.

[59]

Barnum, Sean, Martin, Robert, Worrell, Bryan, and Kirillov, Ivan, 2012. The cybox language specification. The MITRE Corporation.

[60]

Barnum, Sean, 2012. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). The MITRE Corporation 11, 1-22.

[61]

Connolly, Julie, Davidson, Mark, and Schmidt, Charles, 2014. The trusted automated exchange of indicator information (taxii). The MITRE Corporation, 1-20.

[62]

Mallinder, Jason and Drabwell, Peter, 2014. Cyber security: A critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack. Journal of Business Continuity & Emergency Planning 7, 2 (//), 103-111.

[63]

QGCIO, 2018. Information sharing authorising framework.

[64]

Homeland Security, 2016. Critical Infrastructure Threat Information Sharing Framework, H. SECURITY Ed. Homeland Security, USA.

[65]

Shouse, Kurt, 2015. Actionability of cyber threat intelligence, C. RIDDELL and L. SNYDER Eds. ProQuest Dissertations Publishing.

[66]

Roccetti, Paolo, 2019. HERMENEUT-Enterprises intangible Risks Management via Economic models based on simulation of modern cyber-attacks 2019, 5, 26-28.

[67]

Pala, Ali and Zhuang, Jun, 2019. Information Sharing in Cybersecurity: A Review. Decision Analysis 16, 3 (08/06), 172-196. DOI= http://dx.doi.org/10.1287/deca.2018.0387.

Digital Library

[68]

Gordon, Lawrence A., Loeb, Martin P., Lucyshyn, William, and Zhou, Lei, 2015. The impact of information sharing on cybersecurity underinvestment. Journal of Accounting and Public Policy 34, 5 (01/09/2015), 509-519. DOI= http://dx.doi.org/10.1016/j.jaccpubpol.2015.05.001.

Cited By

Alhejaili M(2024)Securing the Kingdom’s e-commerce frontier: Evaluation of Saudi Arabia’s cybersecurity legal frameworksJournal of Governance and Regulation10.22495/jgrv13i2siart413:2, special issue(275-286)Online publication date: 28-May-2024
https://doi.org/10.22495/jgrv13i2siart4
Dunnett KPal SJadidi ZDedeoglu VJurdak R(2024)Priv-Share: A privacy-preserving framework for differential and trustless delegation of cyber threat intelligence using blockchainComputer Networks10.1016/j.comnet.2024.110686252(110686)Online publication date: Oct-2024
https://doi.org/10.1016/j.comnet.2024.110686
Fischer DSauerwein CWerchan MStelzer D(2023)An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and SwitzerlandProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600185(1-7)Online publication date: 29-Aug-2023
https://doi.org/10.1145/3600160.3600185
Show More Cited By

Index Terms

Barriers and Incentives to Cybersecurity Threat Information Sharing in Developing Countries: A Case Study of Saudi Arabia

Index terms have been assigned to the content through auto-classification.

Recommendations

Cyber Threat Information Sharing: Perceived Benefits and Barriers
ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

The literature on cyber security information sharing enumerates an extensive list of potential benefits for organisations in both the public and private sectors. However, despite the potential benefits, successful cyber security information sharing has ...
Barriers and enablers to adoption of cyber insurance in developing countries: An exploratory study of Malaysian organizations
Abstract
Cyber insurance presents a compelling value proposition for organizations wanting to reduce risk exposure and recover losses from incidents. However, the adoption rate of cyber insurance outside first-world countries has been ...
Drivers, Enablers and Barriers of Developing Commercialisation in an Oil-Dependent Economy : the Case of Saudi Arabia

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSW '21: Proceedings of the 2021 Australasian Computer Science Week Multiconference

February 2021

211 pages

ISBN:9781450389563

DOI:10.1145/3437378

Editors:
Nigel Stanger
University of Otago
,
Brendon Woodford
University of Otago
,
Michael Winikoff
Victoria University of Wellington
,
David Eyers
University of Otago
,
Veronica Liesaputra Joachim
University of Otago
,
Daniel Alencar da Costa
University of Otago
,
Andrew Trotman
University of Otago
,
Nigel Stanger
University of Otago
,
Veronica Liesaputra Joachim
University of Otago

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 February 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSW '21

ACSW '21: 2021 Australasian Computer Science Week Multiconference

February 1 - 5, 2021

Dunedin, New Zealand

Acceptance Rates

Overall Acceptance Rate 61 of 141 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
398
Total Downloads

Downloads (Last 12 months)74
Downloads (Last 6 weeks)6

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Alhejaili M(2024)Securing the Kingdom’s e-commerce frontier: Evaluation of Saudi Arabia’s cybersecurity legal frameworksJournal of Governance and Regulation10.22495/jgrv13i2siart413:2, special issue(275-286)Online publication date: 28-May-2024
https://doi.org/10.22495/jgrv13i2siart4
Dunnett KPal SJadidi ZDedeoglu VJurdak R(2024)Priv-Share: A privacy-preserving framework for differential and trustless delegation of cyber threat intelligence using blockchainComputer Networks10.1016/j.comnet.2024.110686252(110686)Online publication date: Oct-2024
https://doi.org/10.1016/j.comnet.2024.110686
Fischer DSauerwein CWerchan MStelzer D(2023)An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and SwitzerlandProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600185(1-7)Online publication date: 29-Aug-2023
https://doi.org/10.1145/3600160.3600185
Irfan AChuprat SMahrin MAriffin A(2022)Taxonomy of Cyber Threat Intelligence Framework2022 13th International Conference on Information and Communication Technology Convergence (ICTC)10.1109/ICTC55196.2022.9952616(1295-1300)Online publication date: 19-Oct-2022
https://doi.org/10.1109/ICTC55196.2022.9952616
Tsoeu Mda Veiga A(2022)A Cyber4Dev Security Culture ModelAdvanced Research in Technologies, Information, Innovation and Sustainability10.1007/978-3-031-20316-9_26(339-351)Online publication date: 25-Nov-2022
https://doi.org/10.1007/978-3-031-20316-9_26
Pawlicki MKozik RPuchalski DChoraś M(2021)Towards AI-Based Reaction and Mitigation for e-Commerce - the ENSURESEC EngineIntelligent Computing Theories and Application10.1007/978-3-030-84532-2_3(24-31)Online publication date: 12-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-84532-2_3

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents