ISAC (Information Sharing and Analysis Center) is a non-profit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and sharing it with its members.
The objective of an ISAC is to help organizations to protect themselves and at the same time to raise the level of resilience and protection of their sectors against cyber threats.
In many EU Member States, initiatives similar to ISACs exist. For example, in France, we have “CSIRT” (or sectoral ISAC) which are entities formed by companies operating in the same sector of activity.
These entities serve as a platform for sharing attack intelligence. All stakeholders can share incident information, including alerts on specific threats. This information is made available to all interested stakeholders. Through this process, member companies have the opportunity to join forces to better protect themselves against common risks.
They can use the knowledge produced by the CSIRT or ISAC to make informed decisions about threats. And better detect campaigns that target their industries, business entities, or other institutions.
How does an ISAC work?
The main activities of an ISAC consist of:
- Sharing information on threats (including the most recent ones) and above all making analyzes and actionable intelligence available to its members;
- Share advice on cybersecurity best practices;
- Develop new standards and technical guidelines to strengthen the intelligence cycle.
For their implementation, an executive or management committee is first set up. Its mission is to supervise the activities and provide the strategic orientations of the ISAC.
- centralize all the information collected on cyber threats
- and share best practices in security measures.
What are the benefits and challenges of an ISAC?
Cyberattacks have become more frequent and sophisticated, presenting significant challenges for organizations to defend against capable threat actors.
These actors include lone hackers, organized cyber gangs, and state-sponsored groups. They mobilize different tactics, techniques and procedures (TTP) to compromise systems, disrupt services, steal sensitive information. And their attacks are mostly motivated by financial or other goals.
Because of the risks these threats pose and their scale: at SEKOIA.IO, we believe it is increasingly important for organizations to share information about cyber threats within a community. Especially since most organizations already produce this kind of internally shared cyber threat information as part of their security operations.
In France, this model for sharing information on cyber threats has already proven itself through sectoral CSIRTs. In a column published here, François Deurty, COO at SEKOIA.IO, explains that it is “in the interest of French companies to accelerate the sharing of information on cyber threats between them…Because cyberattacks are not often aimed at a only isolated player, and helping to protect its ecosystem is first and foremost about protecting its business.”
Additionally, exchanging cyber threat information within a sharing community allows organizations to leverage the collective knowledge, experience, and capabilities that each member brings.
Indeed, it can help organizations to:
- Combine forces to better protect against common risks;
- Gain a fuller understanding of the threats they face, or a fuller awareness of the threats they may face;
- Identify the source of a cyberattack and take appropriate action;
- Improve their security posture by providing them with a better; understanding of the threats they face, enabling them to take appropriate action;
- Protect their own networks and systems against cyberthreats;
- Protect their sensitive information data from theft by ransomware groups;
- Mitigate the impact of an incident and reduce recovery time;
- Identify and respond quickly to new threats, including those targeting multiple organizations.
How to deploy an ISAC?
To deploy an ISAC, six actions are necessary:
- Establish information sharing objectives in accordance with business processes and security policies;
- Identify existing internal sources of cyber threat information;
- Specify the scope of information sharing activities;
- Establish rules for sharing information;
- Encourage member companies or stakeholders to participate on an ongoing basis in information sharing efforts.
If you want to strengthen your knowledge on the subject, we invite you to discover: the way in which SEKOIA.IO TIP supports companies in accelerating their intelligence cycle (from discovery to intelligence sharing through sorting qualifications).