Results and Discussion
The study identifies nine important barriers to information sharing
during CDX events.
Factor 1: Factor 1: Teams tend to prioritize active defense and
technical mitigation duties above reporting and information-sharing
(RIS) tasks due to a restricted concentration on technical jobs. [1]
Factor 2: Reporters face difficulties due to the need for a variety of
technical skills since they must assemble information from members of
different teams with varying levels of experience to compile thorough
attack reports. [1]
Factor 3: The lack of a standard terminology and taxonomy makes it
difficult for team members to grasp attack descriptions, which can cause
ambiguity and miscommunication. [1]
Factor 4: Lack of training and inconsistent reporting standards lead to
uncertainty and inconsistent reporting practices because of fragmented
knowledge of legal documents relating to reporting procedures. [1, 2,
37]
Factor 5: Lack of understanding of data exchange standards makes it
difficult to provide threat intelligence in an organized manner and
raises the possibility of reporting errors, like the mixing of text and
numeric data in report forms. [1]
Factor 6: The effectiveness of information exchange is limited by the
insufficient use of information-sharing platforms created for CDX events
and the reliance on other communication methods. [1]
Factor 7: An overabundance of communication channels combined with the
reporting officers’ enormous multitasking demands causes delays,
insufficient information, and decreased quality of shared data. [1]
Factor 8: The size of the team has an impact on how well RIS tasks are
completed; smaller teams sometimes have jobs that overlap, while larger
teams need more coordination to acquire data, which makes it difficult
to share information efficiently. [1]
Factor 9: The motivation and understanding of the usefulness of
reporting skills in real-world cybersecurity scenarios are undermined by
a hazy perspective of the advantages of information-sharing abilities
outside of CDX events. [1]
The effectiveness of information sharing in cybersecurity defense can be
improved by addressing these factors, such as prioritizing RIS tasks,
fostering a common language, offering training on data exchange
standards and information-sharing platforms, and outlining the
advantages of information-sharing abilities.