Information Sharing and Analysis Centers (ISACs)


Information Sharing and Analysis Centers (ISACs) are not-for-profit groups set up to share sector-specific threat intelligence and security best practices among their members.

  • provide critical infrastructure owners and operators with cybersecurity information and services
  • facilitate the sharing of threat information and best practices between the public and private sectors
  • provide advice on current and emerging cyber threats
  • set up for each critical industry
  • produce data from their members’ systems
    • so the data is highly industry-specific and relevant
  • Information shared within an ISAC is given legal protections by the PCII program
    • operated by the Department of Homeland Security (DHS)
  • more info: https://www.nationalisacs.org/
  • list of all US-based ISACs: nationalisacs.org/member-isacs-3
  • In the UK, the Cyber Security Information Sharing Partnership serves a similar purpose

Threat Intelligence Sharing Benefits

  • helps improve several aspects of cybersecurity:
    • incident response
      • can help organizations respond to security incidents more effectively by providing information about threat actors’ tactics, techniques, and procedures (TTPs)
      • incident responders can better understand the threat landscape and develop more effective incident response plans
    • vulnerability management
      • can help organizations identify and prioritize vulnerabilities more effectively
      • quickly identify and mitigate potential risks by sharing information about emerging threats and vulnerabilities before attackers exploit them
    • risk management
      • can help organizations manage risk more effectively by providing insight into emerging threats and attack trends
      • organizations can make more informed decisions about where to allocate resources and which security controls to implement to reduce risk
    • security engineering
      • By understanding the TTPs threat actors use, security engineers can design and implement more effective security controls to prevent and detect attacks

Critical Infrastructure

Government

The Multi-State ISAC (cisecurity.org/ms-isac) serves nonfederal governments in the US, such as state, local, tribal, and territorial governments.

  • one key concern is interference in the electoral process and the security of electronic voting mechanisms

Healthcare

  • Health ISAC (h-isac.org)
  • Healthcare providers are targeted by criminals seeking blackmail and ransom opportunities by compromising patient data records or by interfering with medical devices

Financial

  • Financial Services ISAC (fsisac.com)
  • target for fraud and extortion
  • Serious financial shocks, such as major trading platform or ATM outages, can also pose a national security risk

Aviation

  • Aviation ISAC (a-isac.com)
  • targeted for fraud and by terrorists or hostile nation-state actors seeking to disrupt services or cause casualties