Sharing is caring: Take advantage of ISAC

Share this article:
Risk lessons over beer and bratwurst
Risk lessons over beer and bratwurst

Sharing is an important part of life. No one should ever have to go it alone. The wild success of social networks such as Facebook, Twitter and LinkedIn provide daily proof of the importance of sharing to the human mind and spirit. The economic, professional and social advantages of having a good support network are also not to be underestimated.

Information security is a field that may not naturally lend itself to sharing. We are sometimes a secretive lot. We need to change that point of view and recognize that information sharing, within a structured framework, is especially important to security professionals. What I refer to here is the sharing of hard information among trusted peers within your chosen industry. This may make some of you uncomfortable, because what I'm recommending is that you get into the habit of sharing information about security events and observations even with competitors in your sector. Should Macy's tell Gimbels? In this case, yes.

A structure for this type of sharing has been developed within multiple sectors. If you haven't heard, the Information Sharing and Analysis Center, or ISAC, is that structure. An ISAC provides members with a private community for dispensing information about security threats, incidents and response, and critical infrastructure protection. 

If one bank, government agency or a utility company is being attacked from a certain location or using a particular methodology, it is strategically helpful to know if others are being targeted as well. 

Membership is normally open only to those organizations within that vertical sector that have agreed to contribute to and receive information from their peers, and that are willing to operate under strict confidentiality guidelines.

Some ISACs further information sharing by providing monitoring services and aggregating threat data within their sector, thus offering a holistic view. A 24/7 watch desk, an alerting function, and developmental programs and projects also can be found within a typical ISAC. 

ISACs are an effective method of sharing your information without direct attribution. If your site is under cyber attack or you become aware of an imminent threat to your sector, details can be exchanged without ever revealing your identity, thereby facilitating sharing, but maintaining confidentiality.

As a CISO of a large city, I have been engaged with the Multi-State ISAC (MS-ISAC) for a number of years. The MS-ISAC promotes information sharing among 50 state governments, participating local governments, territories of the United States and tribal governments. It operates a 24/7 cyber security operations center and is a significant intelligence source for its members. 

Can I substantiate the benefits of ISAC participation? Absolutely! The MS-ISAC has facilitated direct conversations among me and my peers in a number of cities. We have had the opportunity to exchange information about cyber attack experiences and strategies. 

Does your industry have an ISAC? Likely it does. For more details, there is a National Council of ISACs. You can visit its website at http://www.isaccouncil.org.

As proof of its importance, look for information sharing to be one of the cornerstones of any upcoming presidential executive order or congressional legislation dealing with cyber security. One of the key issues needing resolution is how to share classified information in a useful way with those who need it most – generally those without security clearances.


Dan Srebnick is the CISO of the city of New York. Opinions expressed are his own and do not necessarily reflect those of his employer.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Heartbleed, Shellshock and POODLE: The sky is not falling

Heartbleed, Shellshock and POODLE: The sky is not ...

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.