Critical Infrastructure Information Sharing Successes & Opportunities
WASHINGTON, D.C., September 27, 2021 – The National Council of ISACs (NCI) hosted a Congressional briefing on Thursday, September 23 at 1:00pm ET to highlight the critical role Information Sharing and Analysis Centers play in national cybersecurity protection. The briefing covered how the 27 members of NCI support national areas of critical infrastructure and how Congress can help them be even more successful.
Congressman John Katko, (R - New York’s 24th District), began the briefing by urging Congress to continue to foster the public / private collaboration of ISACs. “I firmly believe ISACs play a key role in defending critical infrastructure, the Federal Government, and private and public sector networks.” Katko called ISACs a “cornerstone for our nation’s multipronged approach to sharing information on cyber and physical security threats.”
Denise Anderson, NCI Chair and President and CEO of Health-ISAC, reiterated the valuable role of the ISACs, “We have strong reach into our sectors. If an incident happens, we can quickly share information as well as assess any impact to owners and operators.”
NCI, formed in 2003, is a cross-sector partnership, providing a forum for sharing cyber and physical threats and mitigation strategies among the various critical infrastructure ISACs. The ISAC threat sharing model - based in the private sector and collaborating with government and law enforcement - helps shield American enterprises from threat actors.
During the update, Congress learned ISACs continue to closely monitor the increase of ransomware on the current threat landscape, and NCI recently published Statement on Ransomware, a multi-ISAC collaboration outlining security best practices enterprises can use.
Expounding on various methods of sharing, Erin Miller, Executive Director of Space ISAC, described 13 different communities of interest where companies in her sector share between one another around specific topics, such as the Supply Chain Risk Management working group. Miller explained how the newer Space-ISAC sought out collaboration opportunities with other ISACs. “We ran an extremely successful Value of Space Summit with FS-ISAC, Maritime Transportation System ISAC, and Communications ISAC, around how they could assist Space ISAC if the Space system went down.”
Scott Algeier, Executive Director, IT-ISAC, brought attention to The Principles of Mandatory Reporting, recently created by an NCI working group to help companies understand their reporting responsibilities. The paper also contains suggested areas where CISA can help support industry efforts around reporting.
Sharing some NCI success stories, Josh Poster, Auto ISAC Intelligence and Analysis Operations Manager and Vice Chair for NCI, brought up a 2021 NCI tabletop exercise series, where ISAC-member companies practiced their collaborated response to critical infrastructure events, and “how we would operate together in an area of national significance from today’s virtual environment.”
Executive Director of MTS-ISAC, Scott Dickerson, explained how “threat information is critical to share because it can stave off attacks from becoming full blown incidents with cascading effects across critical infrastructure.”
In conclusion, Miller re-emphasized that the ISAC sharing model is very strong and well understood and contains opportunities to be even further utilized. Dickerson pointed out how “private sector enterprises would greatly benefit from a more streamlined approach to Federal reporting requirements.” Algeier added that information sharing between ISACs has never been stronger and could be better leveraged by government.
For more information on NCI, go to https://www.nationalisacs.org/.