Abstract
Abstract This chapter considers the impact on cyber security of a shift from voluntary coordination to mandatory incident reporting. It traces the efforts to organize collaboration for cyber security incident response back to its voluntary beginnings with the establishment of CERT/CC by DARPA in response to the Morris Worm in 1988, via the establishment of ISACs then ISAOs under successive US presidents, to the CiSP in the UK following the London 2012 Olympics. Recognizing efforts to standardize and automate information sharing, the discussion touches on how information sharing has come to form the basis of national cyber strategies, forming a foundational element of internationally recognized maturity models for those strategies, and it goes on to consider the increasing move towards more mandatory incident reporting, especially in Critical National Infrastructure sectors across the globe, from the Defence Industrial Base in the United States to the NISD throughout the European Union. It considers the impact of mandating reporting on levels of collaboration overall, concluding that regulators must be careful not to create sector-specific silos or undermine existing levels of voluntary sharing through their enforcement of such mandatory schemes.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
