Discussions with Information Sharing and Analysis Centers (ISACs) for Infrastructure Security Month
By Jennifer Lyn Walker, The Cybersecurity Evangelist
For the November episode of TCE (listen here!) I’ve decided to take on
National Critical Infrastructure Security and Resilience Month, Critical Infrastructure Security and Resilience Month, Critical Infrastructure Month, Infrastructure Security Month, whew! Actually, I’ve been almost as overwhelmed with responses from people wanting to be a part of this edition as I am with the litany of names given to this critical observance. That said, this edition/theme is likely to be in three or four parts so we can evangelize as many ISAC’s (and ISAO’s) as we can!
What’s an ISAC, you say? If you don’t already know, I’m glad you asked. ISAC stands for Information Sharing and Analysis Center. And if you think it’s just some arbitrary idea, you’d be wrong. 😉
There was actually a “mandate” of sorts created through Presidential Decision Directive 63 in 1998 that requested the public and private sectors create a partnership to share information about threats, vulnerabilities, and other events to help protect the critical infrastructure of the United States. As such, the “ISACs” were born. Some were not inseminated as quickly as others, but after “9/11,” many ISACs were born out of that necessity to share vital information so such tragic events are less likely to happen again. Since then, ISACs have continued to mature and multiply. For a reference list of many of the ISACs that support critical infrastructure, please visit the National Council of ISACs (NCI).
That said, we start off TCE – “The ISAC Edition” with a discussion from the DNG-ISAC (Downstream Natural Gas ISAC). Jim Linn and John Bryk joined me to “hear themselves talk” about DNG, the threats facing the downstream natural gas community, how they help secure the natural gas distribution/delivery pipelines in the U.S. and Canada, and how they work closely with the Oil & Natural Gas ISAC (ONG-ISAC). I even attempted to throw DNG-ISAC under the OTRB-ISAC (Over-the-Road-Bus). 😉 Despite that, John was kind enough to point TCE listeners to a new film called “The Social Dilemma” for the real deal on human factors of cyber and how the technology that connects us, also controls us. And most importantly, Jim urged those who fall into an ISAC community to please join the ISAC or other community-based information sharing group.
Next up, I talked with Cherie Burgett from the MM-ISAC (Mining & Metals ISAC) and how they take a holistic – cyber, physical, geopolitical – approach to help protect the entire mining and metals ecosystem. And while MM-ISAC doesn’t help you get more gold, silver, or copper out of the ground, it does help keep you safe while you’re doing it. Cherie discussed the biggest challenge to the mining and metals sector is the afterthought of bringing cybersecurity into the mine AFTER installing all the brand new shiny technology needed for sustainability. And if you’re wondering why you don’t see mining and metals companies in the data breach of the day headlines. That’s because, in addition to members placing cybersecurity as a top priority, MM-ISAC partners with Perch Security to leverage ISAC intelligence and automated sharing of high-confidence threat indicators and observables to give organizations a leg up on the bad guys.
I hope you enjoy this episode and learn a little something about the Information Sharing and Analysis Centers/Organizations that you didn’t already know. Have a listen here, and then join us in December for more ISAC evangelism on The
Cybersecurity ISAC Evangelist!
Resources discussed on this episode:
- Infrastructure Security Month https://www.cisa.gov/ismonth
- Critical Infrastructure Sectors https://www.cisa.gov/critical-infrastructure-sectors
- National Council of ISACs list of member ISACs https://www.nationalisacs.org/member-isacs
- Downstream Natural Gas ISAC https://www.dngisac.com/
- The Social Dilemma film https://www.thesocialdilemma.com/
- Mining & Metals ISAC http://www.mmisac.org/
- Perch Security https://perchsecurity.com/
- The Risk Roundtable, a panel discussion among our Gate 15 team
- The Cybersecurity Evangelist, with Jennifer Lyn Walker
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder
- The Gate 15 Interview, a monthly interview with security and risk management leaders