Solutions

ISAOs & ISACs

ISAOs & ISACs

Encouraging the formation of communities that share information across a region or in response to a specific emerging cyber threat.Resources for Information Sharing & Analysis Organizations On February 13, 2015 Executive Order (EO) 13691 promoting private sector cybersecurity information sharing was issued.  Among other things, this EO established new Information Sharing and Analysis Organizations (ISAOs) as organizational tools for managing this sharing. In encouraging the creation of ISAOs, the Executive Order expands information sharing by encouraging the formation of communities that share information across a region or in response to a specific emerging cyber threat.  An ISAO could be a not-for-profit community, a membership organization, or a single company facilitating sharing among its customers or partners.Below are links to some government and non-profit resources for the formation of ISAOs. Promoting Private Sector Cybersecurity Information SharingDHS ResourcesNational Cybersecurity Communications and Integration CenterInformation Sharing EnvironmentCyber Resilience Institute Below are links to some of the existing ISAOs:Forum for Incident Response and Security TeamsIndustrial Control Systems Information Sharing and Analysis CenterPacific Northwest Economic RegionInformation Sharing and Analysis CentersInformation Sharing and Analysis Centers (ISACs), as defined by EO 12472 and the national critical infrastructure protection goals of Presidential Decision Directive 63 (PDD-63), were already essential drivers of effective cybersecurity collaboration for specific industrial sectors such as banking and financial services, energy, telecommunications and defense, as examples. ISACs are trusted entities established by Critical Infrastructure Key Resource (CI/KR) owners and operators to provide comprehensive sector analysis, which is shared within the sector, with other sectors, and with government. ISACs take an all-hazards approach and have strong reach into their respective sectors, with many reaching over 90 percent penetration. Services provided by ISACs include risk mitigation, incident response, alert and information sharing. The goal is to provide users with accurate, actionable, and relevant information. Member benefits vary across the ISACs and can include: access to a 24/7 security operations center, briefings, white papers, threat calls, webinars, and anonymous CIKR Owner/Operator reporting.Below is a current listing of the ISACs as defined by the National Council of ISACs.Aviation – Information Sharing and Analysis Center (A-ISAC)Defense Industrial Base – Information Sharing and Analysis Center  (DIB-ISAC)Downstream Natural Gas – Information Sharing and Analysis Center (DNG-ISAC)Emergency Services – Information Sharing and Analysis Center (EMR-ISAC)Electricity Sector – Information Sharing and Analysis Center (ES-ISAC)Financial Services – Information Sharing and Analysis Center (FS-ISAC)Maritime – Information Sharing and Analysis Center (Maritime-ISAC)Multi-State – Information Sharing and Analysis Center (MS-ISAC)National Coordinating Center for Communications (NCC)National Health – Information Sharing and Analysis Center (NH – ISAC)Oil & Gas – Information Sharing and Analysis Center (O&G – ISAC)Public Transit – Information Sharing and Analysis Center (PT – ISAC)Real Estate – Information Sharing and Analysis Center (RE – ISAC)Supply Chain – Information Sharing and Analysis Center (SC – ISAC)Surface Transportation – Information Sharing and Analysis Center (ST – ISAC)Water – Information Sharing and Analysis Center (W – ISAC)