2017 Year In Review – ISAO Standards Organization

The ISAO Standards Organization

2017

YEAR IN REVIEW

Click Here to Begin

Navigation

Download PDF Version

ABOUT THE ISAO SO

In October 2015, the U.S. Department of Homeland Security selected a team led by The University of Texas at San Antonio, with support from LMI and the Retail Cyber Intelligence Sharing Center (R-CISC), to form the Information Sharing and Analysis Organization Standards Organization (ISAO SO), a non-governmental organization, to facilitate the implementation of Presidential Executive Order 13691.

EXECUTIVE ORDER

Provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.

MISSION

Improve the Nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing related to cybersecurity risks, incidents, and best practices.

Navigation

Download PDF Version

A LETTER FROM THE EXECUTIVE

DIRECTOR

2017 has been a landmark year for the Information Sharing and Analysis Organization Standards Organization (ISAO SO).

After a successful 2016 featuring the publication of our four initial guideline documents, the focus of the ISAO SO has shifted beyond

After a successful 2016 featuring the publication of our four initial guideline documents, the focus of the ISAO SO has shifted beyond the initial documents. This year has seen incredible growth in information sharing organizations and the outreach of the ISAO SO.

the initial documents. This year has seen incredible growth in information sharing organizations and the outreach of the ISAO SO.

Our efforts at engaging with the community are at an all-time high. With the success of this fall's inaugural International Information Sharing Conference, we have a renewed sense of progress and vision for this meaningful project. Hearing from practitioners from across the globe provided critical feedback that the work we are doing is making an impact in the daily efforts of industry leaders.

Seeing the support from the public and private sector underscored that information sharing is an issue for both. Cybersecurity impacts everyone and information sharing is a critical component of any cybersecurity strategy.

One of our biggest takeaways of 2017 has been that cybersecurity is a team sport. Everywhere we travel, we've heard how information sharing organizations lean on their members and other organizations to drive forward.

I'd like to thank our staff, working group leadership, working group members, and the community at large for their dedication to this project and for their efforts in increasing the security and resiliency of our nation.

Sincerely,

Gregory B. White, Ph.D.

Executive Director
ISAO Standards Organization

Navigation

Download PDF Version

INFORMATION SHARING

ECOSYSTEM

ECOSYSTEM OVERVIEW

The ISAO SO's information sharing community now contains over 50 registered information sharing groups.

The graphic below demonstrates how the flow of incoming and outgoing information could look as the ecosystem expands from dozens to hundreds of information sharing groups.

• Advanced Cyber Security Center
• Arizona Cyber Threat Response Alliance (ACTRA)
• Automotive ISAC
• Aviation ISAC
• Cybersecurity Analysis, Intelligence and Information Research Institute (CAIIRI)
• California Cybersecurity Information Sharing Organization (CalCISO)
• Center for Model Based Regulation
• Columbus Collaboratory
• Communications ISAC
• Cyber Information Sharing and Collaboration Program (CISCP)
• Defense Industrial Base ISAC
• Defense Security Information Exchange (DSIE)
• Downstream Natural Gas ISAC (DNG ISAC)
• Electricity ISAC
• Emergency Management and Response ISAC
• Energy Analytic Security Exchange (EASE)
• EnergySec
• Financial Services ISAC
• GICSR Global Situational Awareness Center (GSAC)
• Global Resilience Federation (GRF)
• Healthcare Ready
• HITRUST
• Hospitality Technology Next Generation
• Indiana ISAC
• Information Technology ISAC
• InfraGard
• International Association of Certified ISAOs (IACI)
• IoT ISAO
• Legal Services ISAO
• Maritime and Port Security ISAO
• Maritime ISAC
• Maryland ISAO
• Medical Device ISAO
• Mid-Atlantic Cyber Center (MACC)
• Multi-State ISAC
• National Council of ISACs
• National Credit Union ISAO
• National Cybersecurity Society
• National Health ISAC (NH-ISAC)
• Northeast Ohio CyberConsortium
• Oil and Natural Gas ISAC
• Real Estate ISAC
• Regional Information Sharing Systems
• Research and Education Network ISAC
• Retail Cyber Intelligence Sharing Center
(R-CISC)
• Retail Industry ISAO – National Retail Federation
• Small and Mid-Sized Business ISAO (SMB ISAO)
• Southern California ISAO
• Sports ISAO
• Supply Chain ISAC
• Surface Transportation, Public Transportation, and Over-The-Road Bus ISACs
• Texas CISO Council
• Trustworthy Accountability Group (TAG)
• Water ISAC

DIGEST OF INFORMATION SHARING GROUPS

Navigation

Download PDF Version

THE VALUE OF ISAOs

An ISAO is a group created to gather, analyze, and disseminate cyber threat information; they offer a more flexible approach to self-organized information sharing activities among communities of interest.

What makes the ISAO construct so powerful is its potential to widely and rapidly propagate critical cybersecurity threat and incident response information across numerous communities of interest that are currently underserved from a cybersecurity perspective.

The ISAO SO is now in a position to create a national network of ISAOs that could rapidly share information about threats at a pace and scale that would dramatically reduce the effective lifespan of an adversary exploit and alter the balance between offense and defense.

Navigation

Download PDF Version

ISAO SO LEADERSHIP MEETING

SAN ANTONIO, TX

The ISAO SO hosted an in-person meeting with working group leadership in San Antonio, TX in July of 2017. The meeting was the first of two in-person events the group planned for the year and was meant to reinforce guidance provided by the ISAO SO to the working groups.

Working Group leaders shared details of the current documents in development, timelines, and topics for future documents based on the needs of the information sharing community.

Dr. Greg White also lead robust discussions on the importance of small business and organization involvement, the ISAO SO's continued document development, and the International Information Sharing Conference.

NEW WORKING GROUPS LAUNCHED

The ISAO SO added two new working groups in 2017.

INTERNATIONAL

Objective: Develop guidelines for ISAOs and companies who plan to share cybersecurity information internationally. Provide ISAOs with the knowledge required to make informed decision regarding the sharing of cybersecurity information across national borders. Discuss and address the advantages, obstacles, and global restrictions that may impact how ISAOs operate.

ANALYSIS

Objective: Identify and address methods and associated issues regarding analyzing indicators with respect to Information Sharing and Analysis Organizations.

Navigation

Download PDF Version

DOCUMENT DEVELOPMENT

NEW PUBLISHED PRODUCTS

The ISAO SO published three new documents this past year:

CURRENT DOCUMENTS IN DEVELOPMENT FOR 2018

• ISAO 200-1: Foundational Services and Capabilities

• ISAO SP 2000: Crisis Action Playbook

• ISAO 300-2: Automated Information Sharing

• ISAO 500-1: U.S. Transnational Cybersecurity Information Sharing

• ISAO 700-1: Introduction to Analysis

• ISAO SP 6000: A Famework and Model for State-Level ISAOs

• ISAO SP 6001: State-Level Enabling and Partnering with Private Sector ISAOs

VOLUNTARY CONSENSUS

STANDARDS DEVELOPMENT

Navigation

Download PDF Version

CONNECTING WITH THE

COMMUNITY

RSA CONFERENCE

The ISAO SO team traveled to San Francisco in February of 2017 to exhibit at RSA, one of the largest info security conferences in the world.

The team talked about information sharing and support services available from the ISAO SO and also hosted a breakout meeting to discuss the value of information sharing and analysis organizations.

ISAC/ISAO TOURS

The executive team visited with ISACs and ISAOs throughout the country in 2017.

The team learned about the history of each organization they visited, including how they got started, organizational structure, services and capabilities being offered, primary reason for sharing, and what key strategies they use for building trust with members.

ON THE ROAD

The team also participated in events and conferences including the National Governor's Association (NGA) meeting, the Illinois Chamber of Commerce 2nd Annual Cybersecurity Conference in Chicago, the Cyber Resilience Institute in Colorado Springs, and the 6th Annual Cybersecurity Summit in Washington, D.C. to name a few.

Navigation

Download PDF Version

GROWING AND SUPPORTING

THE ECOSYSTEM

NATIONAL LIST OF ISAOs

The ISAO SO created a national list of information sharing groups in 2016 and used 2017 to significantly expand the number of groups included. The list provides the names of the groups, a brief synopsis, a link to their website, and contact information. The purpose of this initiative is to provide the community with a comprehensive list of information sharing groups and their services. The listing has proven to be especially helpful to new and emerging ISAOs as they begin to navigate the information sharing ecosystem.

ISAO SO MARKETPLACE

The Marketplace serves as a one-stop shop for information sharing organizations to discover services, tools, and capabilities to assist growing their organizations.

This resource helps ISAOs to establish their operations, meet the needs of their membership, and grow to be a successful information sharing organization.

NEW AND EMERGING ROUNDTABLE DISCUSSIONS

In 2017, the ISAO SO hosted five online roundtable discussion calls open to registered information sharing organizations and those interested in starting a new ISAO. The roundtables provided an opportunity for the sharing of knowledge regarding challenges and potential solutions.

Navigation

Download PDF Version

The ISAO SO created a national list of information sharing groups in 2016 and used 2017 to significantly expand the number of groups included. The listing has proven to be especially helpful to new and emerging ISAOs as they begin to navigate the information sharing ecosystem.

INTERNATIONAL INFORMATION

SHARING CONFERENCE (IISC)

The ISAO SO hosted nearly 200 participants from across the globe in Washington D.C. for the inaugural International Information Sharing Conference. The two-day event, held with participation from the Department of Homeland Security (DHS) and the U.S. Chamber of Commerce, brought together the public and private sector to discuss the future of information sharing efforts.

The conference was highlighted by high-profile keynote addresses from Thomas Schreck, Chairman of the international Forum of Incident Response and Security Teams (FIRST), Ed Harris, Senior Manager, Global Security Ops, Risk & Compliance for VF Corporation, and Jeanette Manfra, Assistant Secretary of Cybersecurity and Communications at DHS.

Breakout sessions throughout the conference included presentations from industry representatives such as MITRE, Surevine, TruSTAR Technology, Global Resilience Federation (GRF), and Johns Hopkins University Applied Physics Laboratory, among others, as well as leaders from several information sharing organizations, including the National Credit Union ISAO, Trustworthy Accountability Group (TAG), Arizona Cyber Threat Response Alliance (ACTRA), regional ISAOs, the Financial Services ISAC, and the Electricity ISAC.

Finally, sponsor NC4 delivered a technology demonstration displaying solutions to help ISAOs provide more value to their members with two platforms.

The conference was highlighted by high-profile keynote addresses from Thomas Schreck (FIRST), Ed Harris (VF Corporation), and Jeanette Manra (DHS). Additionally, the conference included breakout sessions lead by several information sharing organizations and industry representatives and a technology demo by sponsor NC4.

Navigation

Download PDF Version

IISC 2017 TESTIMONIALS

“I want to thank the ISAO SO for the work they put in to making the inaugural International Information Sharing Conference a success. The efforts of the ISAO SO and all of those involved to strengthen the information sharing ecosystem is truly making a difference. I also have to thank all the fantastic speakers and panelist for providing such wonderful and thought-provoking information. I look forward to attending future conferences.”

—NICK STURGEON,
SECURITY OERATIONS CENTER DIRECTOR,
PONDURANCE (FORMERLY OF THE IN-ISAC)

—NICK STURGEON, PONDURANCE (FORMERLY OF IN-ISAC)

“The Conference was a valuable opportunity to connect with people representing many different parts of the information sharing community and deepen relationships.”

—DAVID TURETSKY,
CO-CHAIR WORKING GROUP 4,
PRIVACY AND SECURITY

—DAVID TURETSKY, CO-CHAIR WORKING GROUP 4

“The First Annual ISAO Conference brought together the information sharing leaders from across the country to increase the dialogue and continue to elevate the cyber threat sharing ecosystem. I was honored to participate in the program. It was immensely valuable and I hope it continues each year.”

—CARL ANDERSON
CHIEF LEGAL OFFICER & SENIOR VICE PRESIDENT
OF GOVERNMENTAL AFFAIRS, HITRUST

—CARL ANDERSON, HITRUST

Navigation

Download PDF Version

HALL OF FAME AWARDS

The ISAO SO presented the inaugural Information Sharing Hall of Fame Awards at the International Information Sharing Conference on October 31, 2017.

The awards recognized those individuals and companies who have demonstrated the highest standards of professional competence and selflessness and have contributed significantly to the promotion of the information sharing ecosystem.

Nominations were accepted on the isao.org website and considered and approved by an awards panel comprised of ISAO SO Directors and members of the Cybersecurity Information Sharing Community at large.

Full bios for the winners can be found on our Information Sharing Hall of Fame page.

2017 INFORMATION SHARING HALL OF FAME
INDUCTEES:

INDIVIDUAL

David Powell,
CyberUSA and
Federal Business Council

ORGANIZATION

The MITRE Corporation

Navigation

Download PDF Version

GISLA AWARDS

Nominated by the Department of Homeland Security, the ISAO SO was selected as a finalist for the Most Valuable Industry Partner (MVIP) – Team Category at the 2017 U.S. Government Information Security Leadership Awards (GISLA) in May of this year.

”We are honored to have the ISAO Standards Organization team recognized as a finalist for the GISLAs. This accolade as a finalist in the Team Category speaks to the hard work of the entire ISAO SO staff and working group volunteers. Our work would not be possible without the incredible suppport, dedication ,and tenacity of the whole team.”

—Dr. Gregory B. White,
Executive Director, ISAO SO

Navigation

Download PDF Version

The GISLA program was established in 2004 to recognize government information security leaders, individuals or teams, whose commitment to excellence is advancing the nation’s cybersecurity program.

COMMUNICATIONS HIGHLIGHTS

2017 SPEAKING ENGAGEMENT HIGHLIGHTS

• FS-ISAC Fall Summit

• Cross-Sector Leadership Forum

• Defense Transportation Fall Conference

• Midwest Cyber Center

• MS-ISAC Annual Meeting

• IT and Communications Sector Annual Meeting

• San Antonio Cyber Committee

• Integrated Cyber

• National Governor's Association Summit on Cyber Challenges

• Western Regional FBI InfraGard Information Sharing Initiative

Navigation

Download PDF Version

A MORE SECURE NATION

2017 has been a landmark year for the ISAO SO. Thank you for your continued support and partnership as we look forward to another successful year in 2018.

Click here to download the full version of this report. Click on the images below to navigate back to a specific slide.

Download PDF Version

First Slide

NAVIGATION

2017 Year in Review

About the ISAO SO

A Letter From the Executive Director

Information Sharing Ecosystem

The Value of ISAOs

ISAO SO Leadership Meeting

Connecting With the Community

Document Development

Growing and Supporting the Ecosystem

International Information Sharing Conference

First Slide

Download PDF Version

IISC 2017 Testimonials

Hall of Fame Awards

GISLA Awards

Communications Highlights