As we begin a New Year, we wanted to take a couple minutes to provide a summary of some key IT-ISAC accomplishments and achievements in 2018. Of course, a key part of what we do is share threat indicators with our members and facilitate the sharing of information among our members. However, the IT-ISAC is about much more than just indicator sharing. Our mission is to “grow a diverse community of companies that leverage information technology and share a common commitment to cyber-security; to serve as a force multiplier that enables collaboration and sharing of relevant, actionable cyber threat information and effective security policies and practices for the benefit of all.” To demonstrate how we implement this mission, below are some key achievements for the IT-ISAC in 2018 that go beyond indicator sharing. These are grouped into two general buckets, “Operational” and “Organizational,” but otherwise are listed in no particular order.
Select Operational Successes
Established the Election Industry-Special Interest Group (EI-SIG): In the fall, we worked with the Elections Infrastructure Sector Coordinating Council to create a Special Interest Group within the IT-ISAC for elections industry companies. This Special Interest Group is open to companies that produce, provide, manufacture, service or secure voting systems. SIG members are full IT-ISAC members with full member benefits. However, the IT-ISAC is also providing them with a private, industry-only forum to collaborate on common challenges and issues. We supported the SIG throughout the midterm elections by sharing indicators, providing industry specific analytical products, hosting SIG member-only calls, and participating in the election day “war room” hosted by DHS. We are thrilled that these companies have entrusted us to work with them on critical security issues and to enhance the integrity of elections. You can learn more about the EI-SIG here and read the blog from Kay Stimson, Vice President of Dominion Voting Systems and Chair of the Elections Infrastructure Sector Coordinating Council here.
Transitioned to TruSTAR Technologies TIP: In early 2018, the Board accepted the recommendation of a member-led task force to transition our TIP platform to TruSTAR Technologies. The TruSTAR TIP provides a user-friendly way to leverage STIX/TAXII to share information with members. As part of our agreement with TruSTAR, all members have full access to TruSTAR’s analytical capabilities, and API integrations are available for Silver and Gold level members. The transition to TruSTAR has increased the collective analytical capabilities of the IT-ISAC by providing members and staff a robust analytical platform and freeing up IT-ISAC analytic resources to produce enhanced analytical products.
Developed the Vulnerability and Exploitation Action Report (VEAR): In response to member requests for additional analytical product, we began producing the Vulnerability and Exploitation Action Report (VEAR) and distribute to members on a weekly basis. The VEAR identifies and analyzes new, unique, and under-reported exploitations. The VEAR explores vulnerabilities and exploitations through code samples, visual media (pictures, gifs, and video), and expert commentary. The report promotes awareness and dissection among members of various vulnerabilities and exploitations.
Participated in Cyber Storm VI: The IT-ISAC continued our participation in the Cyber Storm exercise series with our engagement in Cyber Storm VI. We are among a select few organizations that have participated in all six exercises in the Cyber Storm series. Cyber Storm VI provided us the opportunity to test our internal operating procedures, as well as the opportunity to review how we collaborate with our partner ISACs through the National Council of ISACs and government. It also provided the opportunity to identify policy changes that would enhance a response to a cyber incident of national significance. A key finding from Cyber Storm VI is the need to consistently integrate industry into the National Cyber Incident Response Plan through designated representation on the Cyber Unified Coordination Group.
Support Incident Analysis and Response: Like everyone else in the field, the IT-ISAC operations team was busy responding to multiple incidents in 2018. A key value our team provides members is to serve as a “truth detector” to help identify false or inconsistent reporting about high profile incidents. We also provide a trusted forum in which analysts from member companies can collaboratively analyze incidents and threats. In 2018, we facilitated a collaborative response among members and developed member analytical reports on various high level incidents including WannaCry, SamSam, Spectre/Meltdown and BleedingBit, among others. These reports are imported to our TIP so that the report indicators can be easily pulled by our members into their enterprises. We also assisted with business continuity support to our members during wildfires, hurricanes and other disasters by providing members incident reports from government and other trusted partners.
Helped Strengthen the Operational Collaboration Across the ISAC Community: To enhance collaboration among the ISAC Community, the IT-ISAC participated in the Operations Coordination Forum (OCF) exercise, sponsored by the National Council of ISACs. The OCF identified specific actions to enhance coordination among the ISAC community, and the responsibility for implementing these action items was divided among volunteering ISACs. Although the ISACs have been working together for fifteen years or more, the OCF is an important way for ISACs to further improve collaboration.
Select Organizational Successes
Named to ICT Supply Chain Task Force Executive Committee: The IT-ISAC is honored to have been selected as a member of the Executive Committee of the ICT Supply Chain Risk Management Task Force. Co-Chaired by the IT Sector Coordinating Council, the Communications Sector Coordinating Council, and DHS, the ICT Supply Chain Risk Management Task Force is charged with developing consensus recommendations to identify and manage risk to the global ICT supply chain. We are committed to constructive engagement and active participation in the task force.
Sustained Membership Growth: The IT-ISAC continued its steady growth by adding companies of all sizes and various technology fields. From global technology leaders to small enterprises, each member company adds additional capabilities, resources and perspectives to the IT-ISAC, which brings additional value to the larger membership. There is no regulatory requirement for any company to be an IT-ISAC member. Each member joins and contributes voluntarily. Our consistently sustained growth demonstrates the value members receive from their collaboration with others through their IT-ISAC membership.
Expanded International Engagement: We were fortunate to have the opportunity to present at RSA APJ in Singapore and at the HK CERT Summit in Hong Kong. Our message at both events focused on the business case for sharing information among competitors. In addition to presenting at these conferences, we also met with local industry leaders to raise awareness about the IT-ISAC and the value of collaborating with industry peers. In partnership with the industry members of the Communications ISAC, we also hosted a meeting with the ICT-ISAC Japan and officials from the Japanese government to discuss improving the existing relationship between the IT-ISAC, Communications ISAC, and the ICT-ISAC Japan.
Awarded the Information Sharing Hall of Fame Award: In September, the ISAO Standards Organization recognized the totality of the contributions made by the IT-ISAC as an organization since its founding to the information sharing community by presenting the IT-ISAC with its “Information Sharing Hall of Fame Award.” IT-ISAC President Peder Jungck accepted this award on behalf of the IT-ISAC. You can view the press release here. We very much appreciate this recognition.
Established a Training Partnership with the EC-Council: As a means of adding additional value to IT-ISAC Membership, the IT-ISAC entered into a non-exclusive partnership with the International Council of E-Commerce Consultants, also known as EC-Council. The EC-Council is the world's largest cyber security technical certification body. Together with EC-Council, we carefully determined the most relevant content and offerings available to IT-ISAC members. Examples of offerings include discounts on training, opportunities for members to host training sessions, workshop discounts and more. We look forward to enhancing this partnership further throughout the year.
Increased Internal and External Communications: The IT-ISAC Board expanded its investment in marketing and communications to help communicate the IT-ISAC’s value and story to members and non-members. Our full time communications assistant has helped us rebuild our website, create a LinkedIn page, and launch the FireWall Chats series of blog posts and podcast episodes. The feedback from members and partners to our communications program has been tremendous, and we look forward to continuing to keep members and partners informed of all the IT-ISAC happenings in 2019!
Clearly, we have a lot going on, and accomplished much in the last year. This represents only some of what we have done and have been able to achieve working with our members, partner ISACs and government partners. We are very excited for continued growth and success in 2019. If you want to learn more even more about what the IT-ISAC is up to, or would like to touch base on anything, please send me an email.
Scott C. Algeier is the Executive Director of the IT-ISAC.