The Role of The ISACs in Critical Infrastructure

Protection and Resiliency

Denise AndersonVice Chair-National Council of ISACs

Vice President FS-ISAC, Government and Cross Sector Programs

Financial Services Information Sharing & Analysis Center (FS-ISAC)

National Council of ISACs

• Critical Infrastructure• What is an ISAC?• Sample descriptions of the various ISACs and

capabilities/reach• What is the National Council of ISACs?• Brief Overview of the FS-ISAC and Recent

Incidents• Three Initiatives To Enhance Critical Infrastructure

Protection and Resilience

Agenda

• 18 Defined Sectors:

Critical Infrastructure

What is an ISAC?

•Relationship to sectors

•Funding/Structure/Operations

•Functions

Why ISACs?

Trusted entities established by CI/KR owners and operators.

Comprehensive sector analysis

Reach-within their sectors, with other sectors, and with government to share critical information.

All-hazards approach

Threat level determination for sector

Why ISACs? Operational services such as risk mitigation, incident response, and information sharing

Fast response on accurate, actionable and relevant information

Empower business resiliency through security planning, disaster response and recovery execution. Most ISACs, by definition, have 24/7 threat warning, incident reporting capabilities

ISACs• Communications ISAC• Electricity ISAC• Emergency Management & Response ISAC• Financial Services ISAC• Highway ISAC• Information Technology ISAC• Maritime ISAC• Multi-State ISAC

ISACs• National Health ISAC• Public Transit ISAC• Real Estate ISAC• Research and Education ISAC• Supply Chain ISAC• Surface Transportation ISAC• Water ISAC

Other Operational Entities• Defense Industrial Base (DIB)

• Nuclear

• Oil & Gas

• Chemical

• Airline

• The only industry forum for collaboration on critical security threats facing the financial services sector

• Over 4,200 direct members and 30 member associations

• Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry

• www.fsisac.com

Financial Services ISAC

• Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices

• The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers

• www.msisac.org

Multi-State ISAC

• Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation

• The ST-ISAC supports 95% of the North American freight railroad infrastructure

• www.surfacetransportationisac.org

Surface Transportation ISAC

National Council of ISACs Mission

• The mission of the National Council of Information Sharing and Analysis Centers Council (ISACs) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with governments.

National Council of ISACsBegan meeting in 2003 to address common

concerns and cross-sector interdependencies

Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR

National Council of

ISACs

Information Sources Communications

Briefings

Best Practice Sharing -

Joint Statements

-White Papers

Monthly Meetings

Daily & Weekly ISAC Calls

CIP Congress

ENS Calls And Crisis

Calls

ListServ and

Trusted Relations

hips

ISAC Ops Centers

ISACs & Other Sectors

DHS & Other Government PartnersPrivate Sector Liaison At The NICC Other

Sources(Hundreds

)

PCIS

Brief Overview and Recent Incidents in 2011

Financial Services ISAC

FS-ISAC Background

The Financial Services Information Sharing and Analysis Center is:

• A nonprofit private sector initiative• Designed/developed/owned by financial

services industry• Lead agency: U.S. Treasury• Founded in 1999

17

18

FS-ISAC Membership Growth

0

500

1000

1500

2000

2500

3000

3500

4000

4500

1/1/20041/1/20051/1/20072/1/2009

FS-ISAC Information Sharing and Analysis Tools for Members

• Cyber & Physical alerts from 24/7 Security Ops Center

• Briefings/white papers• Risk Mitigation Toolkit• Document Repository• Anonymous Submissions• Committee Listservs• Member surveys

• Bi-weekly Threat calls• Special info sharing

member conference calls• Crisis Management

process– CMLT, CINS• Semi-annual conferences• Webinars• Regional Program• Viewpoints

2011 YTD: Recent Incidents

• US companies experienced 662 reported data breaches in 2010• March: RSA Open Letter reveals Advanced Persistent Threat

(APT) attack against its two-factor authentication product (SecurID)

• April 1: Epsilon data breach divulged email addresses for

unknown number– 2,500 corporate clients– 112 potential companies

2011 Breaches

Data Breaches

(Identity Theft Resource Center)

March 11, 2011-Breach detected not public– Thursday March 17, 2011 story broke

• Threat Intelligence Committee Call– Friday March 18, 2011

• Cyber UCG call • NCI call with DHS• Threat Intelligence Committee Call w/RSA• FS-ISAC Membership Call w/RSA• NCI call

– Mitigation Report Working Group Calls– Mitigation Report– FS-ISAC, BITS Annual Summit – May 2011

RSA Breach

Three Major Initiatives To Enhance Critical Infrastructure Protection and Resilience

1. Liaison Programs1. NICC2. NCCIC

2. Information Sharing Frameworks1. Directorate2. CSISF3. GISF

3. Classified Information Sharing

Who Is The NCCIC?DHS Office of

Cybersecurity and Communications (CS&C)

US CERT

NCCICS-

CERTDHS I&A

NCSC

Liaisons

UCG

NCCIC

CLICK

• National Security Telecommunications Advisory Council-NSTAC

• Cross-Sector Cyber Security Collaboration and Analysis

• Pilot project initially involving the FS-ISAC; IT-ISAC; Defense Security Information Exchange (DSIE) and Communications ISAC.

Joint Coordination Center - CSISF

CONTACT

Denise AndersonVP FS-ISAC, Government & Cross-Sector Programs - FS-ISAC

Vice Chair-National Council of ISACsdanderson@fsisac.us