Cyber threat information sharing is essential to thwarting successful hacks and minimizing consequences should a breach occur. For many years large organizations have had opportunities to work with the Department of Homeland Security (DHS) to share indicators of compromise to ensure the protection of critical infrastructure and major business entities. There is an opportunity now for every company to participate and it was institutionalized through Executive Order 13691 in 2015. Now, any business or organization can create an Information Sharing and Analysis Organization (ISAO) and access sharing programs established by DHS and managed by the International Association of Certified ISAO (IACI).
As the lead federal department for the protection of critical infrastructure and the furthering of cybersecurity, DHS has developed and implemented numerous information sharing programs. IACI partners with DHS to build and provide guidance for emerging and existing ISAOs. The National Cybersecurity and Communications Integration Center (NCCIC), within the CISA Office, serves as a centralized location where operational elements are coordinated and integrated. NCCIC partners include all federal departments and agencies; state, local, tribal, and territorial governments; the private sector; and international entities. The NCCIC’s activities include providing greater understanding of cybersecurity and communications situation awareness vulnerabilities, intrusions, incidents, mitigation, and recovery actions.
Working With The DHS NCCIC
Neither a formal information-sharing agreement nor a security clearance is a prerequisite to share information with or receive information from the NCCIC, and entities take advantage of NCCIC’s resources at a variety of levels. However, ISAO are afforded limited liability protection for the information they share. The ISAO can’t be regulated based on the information and have some court protections. ISAOs have the opportunity to sign a Cyber Information Sharing and Collaboration Agreement (CISCA) with DHS that affords them even more access.
There are four levels of agreements in which partners engage and are integrated with the NCCIC:
- Level 1 – Entities have the ability to share information with the NCCIC, as well as to collaborate in both ongoing and incident response situations. This can include a physical, day-to-day, presence of designated representatives in the NCCIC watch floor. These participants are actively involved in daily NCCIC operations and are closely coordinated with the NCCIC’s personnel. The agreement for this is the Cooperative Research and Development Agreement.
- Level 3—Private entities can access our products online, including NCCIC and US-CERT bulletins, educational and training resources, and best practices. Coordination is virtual and communication is electronic, through the NCCIC’s information sharing mechanisms, to include reports, advisories, and bulletins with threat and mitigation information. No agreement is necessary for this type of sharing, and many entities of various sizes make use of the NCCIC’s resources.
- Level 4- Private entities can engage with each other using a DHS forum to share best practices, share mitigation techniques and manage risk in a trusted environment.
Start an ISAO
Taking advantage of information sharing program does not require a direct relationship with DHS. The ISAO offers a barrier between the company and the government. Smart companies join ISAOs to know if something is happening in networks of their partners. Truth is if it is happening to them – you are probably next. Go to www.certifiedisao.org for more information.