Last fall, Cradlepoint CSO Kent Woodruff wrote a blog post about Adam Shostack’s theme for his opening address at 2014 BSidesLV. Shostack spoke at length about “information sharing as the ultimate act of self-preservation.”
The exponential rise in criminal intrusions into public and private databases in the recent past has precipitated the creation of a number of information sharing organizations by both the private and public sectors.
On the industry side, organizations have been formed by the retail, financial, oil and gas, and industrial control system security sectors. The overall goals of these organizations are to:
+ Encourage the sharing and analysis of data breach-related information
+ Verify and alert members to imminent or active threats
+ Provide solutions and best practices
The federal government is still trying to overcome critics and pass legislation that it hopes would make it easier for government and private companies to work together to thwart cybercrime.
Here are a few of these organizations:
Private Sector Organizations
Retail Cyber Intelligence Sharing Center (R-CISC) at rila.org was formed in March 2014 when more than 30 retail companies came together with retail trade associations. Its goal was to create an information sharing and analysis center specifically for the retail industry. Through the R-CISC, retailers of all sizes share cyber intelligence on incidents, threats, vulnerabilities, and associated threat remediation. Components of the organization include the Retail Information Sharing and Analysis Center (ISAC), education and training, and research.
Financial Services Information Sharing and Analysis Center (FS-ISAC) at fsisac.com was created back in 1999 in response to a 1998 Presidential order. Directive 63 mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure. FS-ISAC operates as a member-owned non-profit entity, with active members and partners from across countries and regions throughout North and South America, Europe, the Middle East, and Asia/Pacific. It enables anonymous information sharing, threat verification and analysis, recommended solutions, and best practices.
Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) at ongisac.org noted that in the first half of 2013 alone, the federal government responded to more than 200 incidents across all critical infrastructure sectors, “with the highest percentage of incidents reported from the energy sector at 53%.” This industry-owned and operated organization coordinates information sharing and provides protection from Freedom of Information disclosure and anti-trust violations.
Industrial Control Systems Information Sharing and Analysis Center (ICS-ISAC) at http://ics-isac.org represents companies whose electronic systems are used to operate physical processes ranging from power generation and distribution to building operations, healthcare, transportation, manufacturing, and agriculture. It was established with the support of industry organizations including Amor Group, IBM, SAIC, Yokogawa, Invensys, Emerson, and others.
We have also seen the rise of information-sharing organizations formed by individual companies, such as the Lockheed Martin Cyber Security Alliance.
Just last week, the U.S. Senate Intelligence Committee approved the Cybersecurity Information Sharing Act (CISA), which is designed to help companies and the federal government better defend against the growing threat of data breaches. According to CNET, the committee passed a similar bill in 2014, “but the measure stalled after privacy advocates raised concerns that it would reinforce government powers to conduct surveillance on US citizens, particularly after former NSA contractor Edward Snowden released details of the secret spying programs.” A number of high-ranking members of Congress continue to voice similar concerns about the new bill.
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at https://ics-cert.us-cert.gov is a government organization that works with a host of entities and organizations around the world to share control systems-related security incidents and mitigation measures to reduce risks within and across all critical infrastructure sectors. ICS-CERT operates within the National Cybersecurity and Integration Center, a division of the Department of Homeland Security's Office of Cybersecurity and Communications.