Recent cyber attacks have highlighted the need for industry to share threat and vulnerability information, and Information Sharing and Analysis Centers (ISACs) provide a way to do that while helping members stay out in front of threats and vulnerabilities. These centralized organizations foster and facilitate the secure sharing of vetted, actionable, and timely information among members to provide private sector owners and operators a way to strengthen their organizations and the resiliency of the industry.
Pulling from its experience in standing up several ISACs, Booz Allen Hamilton created the ISAC Blueprint to outline the common building blocks necessary to create successful information sharing and analysis organizations. Whether yours is a new ISAC or an existing one looking to mature, these five building blocks ensure the solid foundation required for successful implementation:
- Governance—The environment influencing sharing: How will the ISAC be governed? Does it have strong leadership with the right industry and functional cybersecurity skills to oversee day-to-day operations?
- Policy—The rules for sharing: Who is eligible for membership?
- Technology—The “capability” to ensure sharing: What mechanisms exist to manage identities, authorize and authenticate users, ensure confidentiality, and foster information sharing?
- Culture—The “will” to share: Has the ISAC created a trusted environment in which members feel comfortable sharing information?
- Economics—The “value” of sharing: How will the ISAC be funded and measure success? How do we ensure that the necessary initial- and build-value are present to create a sound economic model?
Each industry faces a unique set of challenges, including but not limited to challenges such as malware, data breaches, cyber espionage, and physical threats. And each set of challenges has become more aggressive and sophisticated, with companies realizing that it's not a question of if an attack will happen, but when. ISACs are a proven way for companies within an industry to collectively defend against such attacks and achieve strength in numbers.
The ISAC Blueprint is the first step. The next step begins with you.