Another View: Regional ISACs provide security coordination
- By Peter Allor
- Apr 30, 2003
State and local government officials should give serious thought to establishing regional information sharing and analysis centers, or ISACs. The need for interstate ISACs is clear. With such an operation in place, member governments could better defend against cyberattacks and coordinate responses to attacks when they occur.
An ISAC can provide early warnings about threats while helping member governments share best security practices.
Most state and local governments lack information security skills. Most also are facing severe budget constraints, so they lack the resources to research and analyze cybersecurity intelligence. Meanwhile, 300 new online vulnerabilities pop up per month.
An interstate ISAC's ultimate value stems from its ability to acquire and share information about new threats before they turn into attacks.
An interstate ISAC should serve three basic functions:
- Act as an early warning system to member governments of potential and developing threats, and recommend protection measures
- Serve as a clearinghouse for peer data and provide a data repository to which member governments contribute security data
- Offer a highly focused resource for trends and analysis. ISAC researchers would use the data to create custom reports, letting each member government focus on what is most relevant to its own environment.
For an ISAC to work, member governments must develop information-sharing relationships. They must make firm commitments to share confidential data, feeding it from their individual networks into the ISAC. In turn, the ISAC analyzes the data and provides security reports and incident alerts back to members, combining this data with information from other public and private sources, such as private security companies and federal agencies.
Collecting and coordinating this information requires skilled security specialists using powerful analytical tools. State and local officials must hold these specialists responsible for ensuring the validity of the information sources, authenticating participants and securing the ISAC itself against attack.
To set up an ISAC, state and local governments need to determine what security information is most relevant to the member governments. In the private sector, companies within a particular industry'say, IT or banking'have established their own ISACs to share security information.
States can choose ISAC members in several ways. They might form their own individual state ISAC and include counties and cities, or take a regional approach that includes contiguous states.
The first steps in creating a shared ISAC can seem overwhelming. But it is a necessary and critical part of the nation's homeland defense strategy. ISACs offer active protection for government networks and information assets. By pooling their resources, state and local governments can get significant benefits, mainly by taking a proactive approach to security and focusing efforts on the most vulnerable areas.
With ISAC operations being coordinated by dedicated security experts, members can spend their limited time on overall security strategy rather than on reactive'or too late'security fixes. Peter Allor, of Internet Security Systems Inc., is director of operations for an ISAC in Atlanta.