View More guides on Cyber Threat Intelligence
What is an ISAC or ISAO? What role does it play in Information Sharing?
Posted on: August 22, 2018
Information Sharing and Analysis Centers (ISACs) were first established in the US in 1998. ISACs were created to address US’ critical infrastructure vulnerabilities and facilitated the sharing of actionable cybersecurity intelligence among trusted organizations within an industry and between sectors. Typically, an Information Sharing and Analysis Center is a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and provides two-way sharing of information between the private and public sector.
ISACs were essentially upgraded with the introduction of Information Sharing and Analysis Organizations (ISAOs). These organizations were set up after President Barack Obama signed the executive order passing the Cybersecurity Information Sharing Act, 2015. ISAOs adopt ISACs collaborative approach to cybersecurity and information sharing. The section 3 of Executive Order 13691, defines ISAOs as non-governmental organizations selected through an open and competitive process that engage with existing information-sharing organizations, owners and operators of critical infrastructure, relevant agencies, and other public and private sector stakeholders to develop a set of voluntary standards and guidelines for the creation and functioning of ISAOs.
The primary role of both ISACs and ISAOs is the analysis and sharing of information regarding cybersecurity risks and incidents. In the case of ISACs, the information is shared only with the members in the critical infrastructure industry. However, information sharing across other industries occurs through ISAOs, thereby expanding the reach of the threat intelligence shared. What is more, ISAOs can also customize the specific communications needs by offering a more flexible approach to self-organized information sharing activities amongst communities of interest such as small businesses across sectors: legal, accounting, and consulting firms that support cross-sector clients, etc.
The cybersecurity intelligence data shared by both ISACs and ISAOs is relevant, real-time and context-driven. This data is shared rapidly and regularly, which in turn, can be critical in helping organizations protect themselves from cyber threats.
Although ISAOs can be structured to support the industry-based, location-based and other special interests of its members, it essentially embodies the same concept that ISACs do - “Security Matters.” The creation of both ISACs and ISAOs highlights the importance of collaborative efforts and cybersecurity intelligence sharing in improving the security posture of individual organizations and America’s as a whole. In fact, the abilities of organizations to share and receive actionable threat information with peers in pursuit of protection of their own networks offers an inherent and intrinsic benefit of participating in ISACs and ISAOs. As information sharing deepens, real-time awareness of cyber threat information allows participating organizations to share learnings and effectively implement mitigation strategies thereby reducing the frequency and impact of cyber attacks.