Not-So-Bold Predictions: ISACs Continue Close Collaboration in 2019…

by Andy Jabbour


Too many cookies, another Detroit Lions loss, and a slew of predictions for next year… it must be that wonderful time between Thanksgiving and New Year’s! From what will be trending to what the big headlines will be, as many experts (and everyone else with a Twitter account) take time and share reflections on the year that was, many will share their insights into what to expect next year – and that is certainly true for security as well.

A number of recent security posts have shared experts’ ideas on what 2019 will bring, such as McAfee, Exabeam, Symantec, Radware, and recently, Nozomi Networks. We can all debate who got it right and who is selling FUD, but they’re mostly good posts with at least a few good nuggets each. One item that caught my eye was this prediction, via well-respected and appreciated former DHS Under Secretary Suzanne Spaulding, writing for Nozomi.

Critical infrastructure organizations will more fully embrace a cross-sector approach.

The DHS established the National Infrastructure Advisory Council (NIAC), which is made up of leaders from private sectors like electricity, transportation, communication and others. The council has done a lot of good work.

While at the DHS, we conducted several tabletop exercises that resulted in some surprising realizations. For example, at one session it became clear just how interdependent electricity and financial services organizations would be in the face of a critical infrastructure attack. If the electric grid were taken down by a cyber attack, financial services organizations would be vital to help finance an industry response.

The sectors are developing ways of working together before an attack occurs to understand how their organizations are interconnected and plan out how a cross-sector approach could lead to a smoother response should an attack occur.

That is all good and true but as we all hope for “ever closer union,” except maybe the British… (c’mon, Brexit humor!) it’s important to note that the critical infrastructure community working closely together in cross-sector coordination is something that has been ongoing for many years, and, since 2003, largely via the coordination of the National Council of ISACs (NCI).

  • Back in 2008, shortly after starting support to DHS, this post’s author remembers leading a workshop among a small gathering of executives from several of the ISACs to discuss how they could further enhance their ability to collaborate with one another and with the government.
  • Later that year, the Partnership for Critical Infrastructure Security, now the Critical Infrastructure Cross Sector Council, held a workshop in Northern Virginia with senior leaders from across the country and representing each sector of critical infrastructure to address similar ideas with a broader group and including government participants.
  • In a joint collaboration between the Real Estate ISAC and the Financial Services ISAC, in 2014 the NCI conducted the first “Operational Coordination Forum,” an exercise consisting of three scenarios: a catastrophic earthquake, an international pandemic, and a nationally significant cyber incident.
  • That was followed by follow-on workshops in 2015 and two workshops in January and February of this year, all focused on further maturing the “cross-sector approach” ISACs could support to “lead to a smoother response should an attack occur” addressing both physical and cyber threats.

In addition to ongoing preparedness activities among the members, the NCI and individual ISACs have participated in DHS national exercises including the National Level Exercises and Cyber Storm events for over ten years. ISACs have maintained routine and incident liaison and presence with DHS operational entities including the National Infrastructure Coordinating Center and the National Cybersecurity & Communications Integration Center, where several ISACs maintain a physical presence on a daily basis. ISACs maintain ongoing means for daily coordination, routine monthly meetings (that also include US government and fusion center partners), incident coordination calls, and special working groups and other activities to support and further develop cross-sector coordination.

A slide from the initial OCF workshop, conducted in Arlington, Virginia on 21 Aug 2014 

There is always room for improvement and the ISACs, voluntarily and collaboratively via the NCI and via other joint efforts and coordination, continue to work to enhance their capabilities and coordination, with one another, with members, and their public sector partners. Ms. Spaulding is exactly right in her prediction, “Critical infrastructure organizations will more fully embrace a cross-sector approach,” – because that is exactly what they’ve been doing for at least the last fifteen years, seeking continuous improvement, and with no intention of being content with where things are today, or ever.

In other safe bets, this post’s author is willing to venture that the Bears will make the playoffs, there will be more reports of Russian hacking and Chinese intellectual property theft, and international terrorist groups will continue to put out hostile propaganda…


Andy is Gate 15’s co-founder and Managing Director.