This article describes an exploratory qualitative case study of information sharing among cybersecurity professionals in the critical U.S. electrical power industry. Drawing on organizational information processing theory, this study examined how information related to cybersecurity related threats and response alternatives was accessed and shared in the participants’ organizations and within their broader industry network. In-depth interviews of 13 participants from 10 organizations were conducted to identify the nature of information sharing, the networks used to access the information, and changes that could improve information sharing between cybersecurity professionals and their organizations. The study found that information sharing networks exist at interpersonal, company-to-company, and company-to-multicompany levels of analysis. The role of trust in forming these networks was notable, as was the role of certain communication media, particularly threat briefings, testing exercises, and cybersecurity mutual assistance planning. The study found that certain types of network actors, such as law enforcement agencies, had strong relationship ties with the utility companies, while other actor types had weak or nonexistent ties. The implications for critical infrastructure protection are discussed.

本文描述了美国关键电力行业网络安全专业人员之间信息共享的探索性定性案例研究。本研究借鉴组织信息处理理论，研究了与网络安全相关的威胁和响应替代方案相关的信息如何在参与者的组织及其更广泛的行业网络中被访问和共享。对来自 10 个组织的 13 名参与者进行了深入访谈，以确定信息共享的性质、用于访问信息的网络以及可以改善网络安全专业人员与其组织之间信息共享的变化。研究发现，信息共享网络存在于人际、公司对公司和公司对多公司的分析级别。信任在形成这些网络中的作用是显着的，某些通信媒体的作用也是显着的，特别是威胁简报、测试演习和网络安全互助计划。研究发现，某些类型的网络参与者，例如执法机构，与公用事业公司有很强的关系，而其他类型的参与者则关系较弱或根本不存在。讨论了对关键基础设施保护的影响。