Introduction
Information Sharing and Analysis Centers (ISACs) are industry-specific organizations focusing on gathering data on technology vulnerabilities, risks, and solutions. ISACs are formed by the owners and operators of critical infrastructures. ISACs gather, analyze, and disseminate information associated with these infrastructures (National Council of ISACs, 2020).
The Goals of ISACs
ISACs should have a range of characteristics that allow them to protect information concerning a certain infrastructure. For example, it provides 24/7 protection from threats and has a reporting system (Radvanovsky & McDougall, 2013). It collects data from different sources and promotes sharing this information between the ISAC members. According to the European Union Agency for Network and Information Security (2017), ISACs can be divided into three groups: country-focused, sector-specific, and international. Moreover, they can refer to such fields, as maritime, nuclear, health, automotive, and others.
Electricity Information Sharing and Analysis Center
The first ISAC that will be analyzed in this paper is the Electricity Information Sharing and Analysis Center (E-ISAC). E-ISAC “provides its members and partners a protection against various threats to the North American electricity industry” (North American Electric Reliability Corporation, n.d.). The ISAC is operated by the North American Electric Reliability Corporation (NERC) and has a portal allowing the data exchange between the members who report on physical threats, such as vandalism, gunfire damage, meteorological events, and eco-terrorist, among other dangers.
Oil and Natural Gas Information Sharing and Analysis Center
Another ISAC is the Oil and Natural Gas Information Sharing and Analysis Center. It protects the critical infrastructure against insider threats, malware, and data breaches. In 2016, it responded to 290 cyber attacks, 59 of which were within the energy sector (ONG-ISAC, n.d.). It uses the Traffic Light Protocol to share the information between members, which makes the sharing secure. Only the members of ONG-ISAC receive the information classified as Red, Amber, and Green. Others can receive information marked as TLP White.
Conclusion
Both ISACs reviewed aim to protect specific energy infrastructures against cyber threats. They seem to be successful, as they are reported to have a wide range of functions that provide an ISAC’s efficiency. Both of them are concerned about an opportunity for a secure data exchange between the members. Both ISACs hold webinars and have bulletins for their members. However, E-ISAC seems to have a wider range, as it reports not only on cyber attacks but on physical threats as well.
References
American Public Transportation Association. (2013). Information Sharing and Analysis Center. Web.
European Union Agency for Network and Information Security (ENISA) (2017). Information sharing and analysis centers (ISACs). Web.
National Council of ISACs (2020). ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators. Web.
North American Electric Reliability Corporation (n.d.). Electricity information sharing and analysis center. Web.
Radvanovsky, R. S., & McDougall, A. (2013). Critical infrastructure: Homeland security and emergency preparedness (3rd ed.). CRC Press.
Oil and Natural Gas Information Sharing Center (n.d.). Protecting critical infrastructure. Web.