Submitter:

Name:Owen Ambur

Email:Owen.Ambur@verizon.net

Organization:

Name:National Council of ISACs

Acronym:NC-ISAC

Description:
The National Council of ISACs, formerly known as the ISAC Council, was formed in 2003 when a volunteer group of ISAC representatives decided to meet monthly to develop trusted relationships among the sectors, and address common issues and concerns.

Stakeholder(s):

• Information Sharing and Analysis Centers (ISAC): ISACs are trusted entities established by Critical Infrastructure Key Resource (CI/KR) owners and operators to provide comprehensive sector analysis, which is shared within the sector, with other sectors, and with government. ISACs take an all-hazards approach and have strong reach into their respective sectors, with many reaching over 90 percent penetration. Services provided by ISACs include risk mitigation, incident response, alert and information sharing. The goal is to provide users with accurate, actionable, and relevant information. Member benefits vary across the ISACs and can include: access to a 24/7 security operations center, briefings, white papers, threat calls, webinars, and anonymous CIKR Owner/Operator reporting.


• NC-ISAC Officers


• Denise Anderson: Financial Services ISAC, Chair


• Scott Algeier: Information Technology ISAC, Vice-Chair


• Josh Poster: Surface Transportation ISAC, Secretary


• NC-ISAC Committees


• NC-ISAC Education and Outreach Committee


• Sam Lombardo: EMR ISAC, Co-Chair


• NC-ISAC Operations Committee


• Scott Algeier: IT-ISAC - Co-Chair


• Denise Anderson: FS-ISAC, Co-Chair


• Member ISACs


• Communications ISAC: The Communications ISAC mission is to facilitate voluntary collaboration and information sharing among government and industry in support of Executive Order 12472 and the national critical infrastructure protection goals of Presidential Decision Directive 63 (PDD-63); to gather information on vulnerabilities, threats, intrusions, and anomalies from multiple sources and perform analysis with the goal of averting or mitigating impact upon the telecommunications infrastructure.


• ES-ISAC: The ES-ISAC serves the Electricity Sector by facilitating communications between electricity sector participants, federal governments, and other critical infrastructures. It is the job of the ES-ISAC to promptly disseminate threat indications, analyses, and warnings, together with interpretations, to assist electricity sector participants take protective actions.


• EMR ISAC: The mission of the EMR ISAC is to collect and analyze critical infrastructure protection and resilience information having potential relevance for Emergency Services Sector departments and agencies and to synthesize and disseminate the information to leaders, owners, and operators of the emergency services.


• FS-ISAC: The FS-ISAC is the only industry forum for collaboration on critical security threats facing the financial services sector. When attacks occur, early warning and expert advice can mean the difference between business continuity and widespread business catastrophe. Members of the Financial Services Information Sharing and Analysis Center (FS-ISAC) receive timely notification and authoritative information specifically designed to help protect critical systems and assets from physical and cyber security threats.


• NH-ISAC: The NH-ISAC serves to protect the nation's healthcare and public health critical infrastructure against security threats and vulnerabilities. The mission of the NH-ISAC is to ensure and preserve the public trust by advancing the integrity and cybersecurity protection of the nation's healthcare and public health sector's critical infrastructure.


• IT-ISAC: The Information Technology Information Sharing and Analysis Center (IT-ISAC) is a trusted community of security specialists from companies across the Information Technology industry dedicated to protecting the Information Technology infrastructure that propels today's global economy by identifying threats and vulnerabilities to the infrastructure, and sharing best practices on how to quickly and properly address them. The IT-ISAC also communicates with other sector specific ISACs, enabling members to understand physical threats, in addition to cyber based threats. Taken together, these services provide members a current and coherent picture of the security of the IT infrastructure


• Maritime Security ISAC: The Maritime Security ISAC, is a non-profit, member driven organization representing ocean carriers, cruise lines, port facilities and terminals, logistics providers, importers, exporters and related maritime industries throughout the world. Our mission is to advance the security of the United States and the international maritime community by representing maritime interests before government bodies; acting as liaison between industry and government; disseminating timely information; encouraging and assisting in the development of industry-specific technologies; and convening educational and informational conferences for our membership and government partners.


• MS-ISAC: The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a collaborative state and local government-focused cyber security entity that is significantly enhancing cyber threat prevention, protection, and response and recovery throughout the states of our nation. The mission of the MS-ISAC is to provide a common mechanism for raising the level of cyber security readiness and response in each state/territory and with local governments. The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between and among the states, territories and with local government.


• Nuclear Energy Institute: The Nuclear Energy Institute (NEI) is the policy organization of the nuclear energy and technologies industry and participates in both the national and global policy-making process. NEI's objective is to ensure the formation of policies that promote the beneficial uses of nuclear energy and technologies in the United States and around the world.


• PT-ISAC: The PT-ISAC is a trusted, sector-specific entity which provides to its constituency a 24/7 Security Operating Capability that established the sector's specific information/intelligence requirements for incidences, threats and vulnerabilities. Based on its sector-focused subject matter analytical expertise, the ISAC then collects, analyzes, and disseminates alerts and incident reports It provides to its membership and helps the government understand impacts for their sector. It provides an electronic, trusted ability for the membership to exchange and share information on all threats, physical and cyber, in order to defend public transportation systems and critical infrastructure. This includes analytical support to the Government and other ISACs regarding technical sector details and in mutual information sharing and assistance during actual or potential sector disruptions, whether caused by intentional or natural events.


• Real Estate ISAC: Since the World Trade Center Attacks in September 2001, high-profile office properties, apartment buildings, shopping malls and hotels all have been identified as potential terrorist targets at one time or another. In response, industry organizations have worked with government officials to prevent, detect and respond to terrorist threats and malicious incidents. The Real Estate ISAC, a not-for-profit organized by The Real Estate Roundtable and announced in February 2003, represents both a coordinated and an elevated response to these issues. The ISAC is a public-private partnership between the U.S. real estate industry and federal homeland security officials. The partnership facilitates information sharing on terrorist threats, warnings, incidents, vulnerabilities and response planning - to counter terrorism and protect buildings and the people who occupy and use them.


• REN-ISAC: The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal U.S. ISAC community, and in other commercial, governmental, and private security information sharing relationships.


• SC-ISAC: The Supply Chain ISAC offers the most comprehensive forum for collaboration on critical security threats, incidents and vulnerabilities to the global supply chain. Its mission is to facilitate communication among supply chain dependent industry stakeholders, foster a partnership between the private and public sectors to share critical information, collect, analyze and disseminate actionable intelligence to help secure the global supply chain, provide an international perspective through private sector subject matter experts and help protect the critical infrastructure of the United States.


• ST-ISAC: The ST-ISAC was formed at the request of the Department of Transportation. The ISAC provides a secure cyber and physical security capability for owners, operators and users of critical infrastructure. Security and threat information is collected from worldwide resources, then analyzed and distributed to members to help protect their vital systems from attack. The ISAC also provides a vehicle for the anonymous or attributable sharing of incident, threat and vulnerability data among the members. Members have access to information and analytical reporting provided by other sources, such as the U.S. and foreign governments; law enforcement agencies, technology providers and international computer emergency response teams (CERTs).


• WaterISAC: The Water Information Sharing and Analysis Center (WaterISAC) was authorized by Congress in 2002 and created and managed by the water sector. Its mission is to keep drinking water and wastewater utility managers informed about potential risks to the nation's water infrastructure from contamination, terrorism and cyber threats. The mission has been expanded to help utilities respond to and recover from all hazards. Funded by subscriber fees and matching federal funds, WaterISAC links members through a secure online portal. The subscriber base includes water utilities and state and federal agencies dealing with security, law enforcement, intelligence, the environment and public health.