CIOReview
| | January 20158CIOReviewopinionin myBuilding a Community Defense Model to Protect Critical AssetsBy William B. Nelson, President and CEO, FS-ISAC Today's cyber threats don't stop at country borders. They don't stop at corporate thresholds. And they can't be stopped by just a single vendor solution. It takes constant vigilance. And it takes a community coming together. Threat information sharing and trust groups have helped protect the financial sector for years. Soon they will protect many others. What happens when a community collaborates? Or many communities share? Community-driven defenses may just be the future of cyber security.The Value of Information SharingAbout 14 years ago, the financial services sector realized that many threats could be prevented or minimized by carefully and properly sharing threat information with each other. Say that large Bank A gets attacked by cyber criminals and lets Bank B know that the attack is underway. Bank B can take immediate action to prevent a similar attack. Cyber criminals often practice their attacks on small community institutions or on regional banks before they take their attacks more broadly. And in many cases, once they perfect their attacks, they go after many financial institutions at once. Information sharing is the cornerstone to a Community Defense model so that a specific sector can start to turn the tables on attackers and make it more difficult and costly to attack, and reduce the cost and effort to defend. For example in the financial sector, sharing real-time, actionable information helps protect and preserve critical assets including, funds, customer account data and payment processes. For other sectors, it means the protection of lives, of intellectual property and of continuity of critical systems that keep an economy running strong.Best Practices Developed by Information Sharing and Analysis CentersBut there have to be processes, best practices and safeguards as information is shared. A Presidentially mandated construct, called an Information Sharing and Analysis Center, or ISAC, is available in nearly every critical sector in order to help facilitate sharing. There are ISACs for Healthcare, Technology, Transportation, Energy and many more. One of the best known is the Financial Services Information Sharing and Analysis Center, or FS-ISAC. FS-ISAC is a non-profit, member-created and member-owned organization that has perfected information sharing between financial institutions of all sizes, all over the world. With over 5000 members, FS-ISAC shares threat intelligence and distills it down into actionable information for institutions of any size.Each ISAC uses its sector's vast resources (people, processes, and technology) to aid the entire sector with situational awareness and advance warning of new physical and cyber security threats, incidents, and vulnerabilities. Those that are active with their sector, ISAC are able to share relevant details of an attack, even as the attack unfolds. While members often digest the information available, they find increased value in ISACs when they also contribute information back to other members. Members learn to trust other members, and hence share more and more information. Sharing can occur via electronic means, live meetings, and special interest groups. ISACs have helped develop core processes, for example Circles of Trust. With this concept, members earn each other's trust. They share detailed threat i n f or m a t i on most frequently with those they trust the most and with those that can most
< Page 7 | Page 9 >