Cybersecurity professionals information sharing sources and networks in the U.S. electrical power industry

Abstract This article describes an exploratory qualitative case study of information sharing among cybersecurity professionals in the critical U.S. electrical power industry. Drawing on organizational information processing theory, this study examined how information related to cybersecurity related threats and response alternatives was accessed and shared in the participants’ organizations and within their broader industry network. In-depth interviews of 13 participants from 10 organizations were conducted to identify the nature of information sharing, the networks used to access the information, and changes that could improve information sharing between cybersecurity professionals and their organizations. The study found that information sharing networks exist at interpersonal, company-to-company, and company-to-multicompany levels of analysis. The role of trust in forming these networks was notable, as was the role of certain communication media, particularly threat briefings, testing exercises, and cybersecurity mutual assistance planning. The study found that certain types of network actors, such as law enforcement agencies, had strong relationship ties with the utility companies, while other actor types had weak or nonexistent ties. The implications for critical infrastructure protection are discussed.