Commercial sector shares threat information
The Information Sharing and Analysis Centers, established in key commercial sectors to help protect the nation's critical infrastructure, have evolved over the last year, developing a structure to share threat information among ISACs.
'Code Red was the turning point,' said Pete Allor, operations director for the IT ISAC. 'We realized how useful we could be. That's also the first time we reached out to government, and government reached back.'
Allor, who also is manager of the threat intelligence service, the X Force, for Internet Security Systems Inc. of Atlanta, spoke about the role of ISACs during an interview yesterday at the Networld+Interop/Comdex trade show.
ISACs were created with the government's blessing over the past several years as vehicles for sharing information about threats and vulnerabilities within commercial sectors, such as financial services, utilities and IT. Each group is autonomous, and although they often cooperate with government they have no formal relationships with agencies. Developing closer ties with government is one of the next steps in the evolution of ISACs.
The outbreak of several varieties of the Code Red virus in July of 2001 spurred cooperation between ISACs. The events of Sept. 11 and the appearance of NIMDA in quick succession brought them together in a more formal way. ISACs for the IT, telecommunications, financial services, oil and gas, electrical utility and ground transportation industries created the Inter-ISAC Information Exchange.
'No ISAC was looking for a super-ISAC,' Allor said. 'There is no hub-and-spoke configuration.' Information about threats is shared on an as-needed basis.
As the name implies, the exchange does not include the government. 'Sometimes we had things we wanted to talk to each other about that we weren't ready to talk with the government about,' Allor said.
That does not mean information is not shared with government. 'As ops director of the IT ISAC, I talk with the National Infrastructure Protection Center at least once a day,' Allor said. 'We have a good relationship.'
But concerns about confidentiality and liability put restrictions on private-public information sharing. 'The biggest problem most companies see is the Freedom of Information Act,' Allor said. The fear that information about threats provided to the government could be released under FOIA is keeping companies quiet. 'If I feel I'm not protected, I have no incentive to talk.'
Several bills have been introduced to shield information about infrastructure threats from FOIA, but critics have complained they are too broad and could let companies hide information to forestall prosecution or regulatory oversight.
The ISACs will meet again in October to further their own relationship and explore ways to improve relations with government.
'We are working on some more functional things,' Allor said. This includes developing a common XML format for exchanging information within an ISAC. The next step would be developing formats for exchange between ISACs.