Establishing market based mechanisms for CYBer security information EXchange (CYBEX)
Role: Principal Investigator
Funding Amount: $329,658
Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure. The goal of this project is to develop an interdisciplinary research platform to investigate the framework and benefits of breach-related vulnerability information sharing and analyze the effect of not participating in the process of information exchange. The outcome of this project has a profound impact on the evolution of CYBer security information EXchange (CYBEX) architecture and the level of interaction desired among firms (private, public or federal) to defend proactively in the ever-growing cyberspace. The research has both direct and indirect impact on mentoring, hands-on learning, education and training. Graduate and Undergraduate students (including minority and women) participating in this project are involved in interdisciplinary research and learning problem solving skills taking into account different viewpoints, namely, cybersecurity, information-exchange, economics, decision analysis and practical system implementation. By using micro and macro-economic theory as a substrate, this project establishes market based mechanisms for enabling cyber security information exchange (CYBEX) among firms to protect the cyberspace proactively against cyber attacks. This research investigates how cyberinsurance can be modeled and thereafter can be augmented with the information sharing format and framework to encourage firms to participate in CYBEX more effectively. The transformative nature of the proposed research lies in its potential to identify, model, and analyze the multi-dimensional robust cybersecurity information sharing infrastructure along with development of CYBEX emulator environment. The information sharing framework is also extended to the cloud domain that carries challenges to model the cloud attackers and incentive mechanisms to motivate the firms toward such sharing behavior. More Specifically, the outcomes of the project demonstrate: a) the potential of CYBEX in sharing the burden of cybersecurity and making the cyberspace more robust; b) multi-layer competitions and dynamics among CYBEX entities infiltrated with malicious entities; c) necessity of cyberinsurance and market oriented approach for better cybersecurity information utilization; and, d) the far-reaching impacts of interdisciplinary CYBEX research in terms of socio-economic value, technology and educational outreach programs.