Results and Discussion
The study identifies nine important barriers to information sharing during CDX events.
Factor 1: Teams tend to prioritize active defense and technical mitigation duties above reporting and information-sharing (RIS) tasks because of a narrow focus on technical work. [1]
Factor 2: Reporters face difficulties because they need a variety of technical skills: to compile thorough attack reports, they must assemble information from members of different teams with varying levels of experience. [1]
Factor 3: The lack of a standard terminology and taxonomy makes it difficult for team members to grasp attack descriptions, which can cause ambiguity and miscommunication. [1]
Factor 4: Lack of training and inconsistent reporting standards lead to uncertainty and inconsistent reporting practices, because knowledge of the legal documents relating to reporting procedures is fragmented. [1, 2, 37]
Factor 5: Lack of understanding of data exchange standards makes it difficult to provide threat intelligence in an organized manner and raises the possibility of reporting errors, such as mixing text and numeric data in report forms. [1]
Factor 6: The effectiveness of information exchange is limited by the insufficient use of information-sharing platforms created for CDX events and the reliance on other communication methods. [1]
Factor 7: An overabundance of communication channels combined with the reporting officers’ enormous multitasking demands causes delays, insufficient information, and decreased quality of shared data. [1]
Factor 8: The size of the team has an impact on how well RIS tasks are completed; smaller teams sometimes have jobs that overlap, while larger teams need more coordination to acquire data, which makes it difficult to share information efficiently. [1]
Factor 9: An unclear view of the advantages of information-sharing abilities outside of CDX events undermines motivation and the understanding of how useful reporting skills are in real-world cybersecurity scenarios. [1]
The effectiveness of information sharing in cybersecurity defense can be improved by addressing these factors, for example by prioritizing RIS tasks, fostering a common language, offering training on data exchange standards and information-sharing platforms, and outlining the advantages of information-sharing abilities.