WASHINGTON, DC – The National Council of Information Sharing and Analysis Centers (NCI) is celebrating its 15th anniversary in 2018. Consisting of critical infrastructure sector-based information sharing and analysis centers (ISACs), the Council is a cross-sector partnership for sharing cyber and physical threats and mitigation strategies.
ISACs have their roots in the 1998 Presidential Decision Directive 63, which directed federal agencies to encourage industry sectors to establish organizations to share security threat and vulnerability information with owners and operators and federal partners. The role of ISACs was subsequently reinforced in the 2013 National Infrastructure Protection Plan and Executive Order 13691 - Promoting Private Sector Cybersecurity Information Sharing.
The first ISAC was established in 1999 and several followed soon after. In 2003 the National Council of ISACs was formed. Today, the Council comprises 23 member organizations, which provide their stakeholders with trusted forums for sharing alerts and analysis, subject matter expertise, best practices and mitigation resources.
These ISACs specialize in either cybersecurity or physical security, or both, and many are the designated operational arms of their sectors, working in coordination with the Sector Coordinating Councils. Member ISACs serve a range of sectors, from automotive to emergency responders and from financial services to water, with energy, telecommunications, retail and many others in between. Some ISACs have global operations and memberships.
“NCI is a true cross-sector partnership,” said Denise Anderson, NCI’s chair and the president of the National Health ISAC. “Critical infrastructure sectors supported by the ISACs are crucial to the well-being of the United States, and NCI’s goal is to support them by bringing the ISACs together and working collaboratively with the Department of Homeland Security and our many other federal partners.”
“I am honored to serve the NCI and work with such an outstanding group of organizations and individuals,” Anderson added.
At NCI, member ISACs confer and collaborate with each other daily, weekly and monthly via conference calls, list-servers and in-person meetings on cyber and physical threats seen in their sectors. During incidents requiring cross-sector response, member ISACs work together and with government partners to facilitate response and recovery.
The Council also conducts and participates in cross-sector exercises, works with the National Infrastructure Coordinating Center (NICC) and the National Cybersecurity and Communications Integration Center (NCCIC) during steady-state and incidents, hosts emergency calls as needed and develops joint white papers on threats. NCI also has been a leader in promoting the use of automated cyber threat indicator sharing.
In more recent years, through NCI’s Operational Coordination Forums, member ISACs, federal agencies and other partners join together to identify actions that can be taken to improve coordination during steady-state and incidents to better support cross-sector critical infrastructure security and resilience.
“The fact that NCI is celebrating 15 years goes a long way toward showing how important ISACs are to their communities,” Anderson said. “NCI’s membership will continue to grow as new ISACs form, and NCI’s capabilities will continue to evolve to meet growing security threats.”