Terrorists constantly change their tactics to stay one step ahead; the cyber criminals and nation-states that infiltrate computer systems are no different. As soon as cybersecurity experts resolve one major security flaw, adversaries will exploit another. Unlike counterterrorism, robust cybersecurity depends on much more than intelligence agencies and law enforcement. Securing the nation against cyberattacks requires sharing information between agencies at all levels of government, Fortune 500 companies, small businesses, civil society, academia, and everyday citizens.
Information Sharing and Analysis Centers (ISACs)
Official ISACs are members-only bodies that correspond to designated critical infrastructure sectors—banks belong to the Financial Services ISAC, water utilities to the Water ISAC and health insurers to the National Health ISAC.
Information Sharing and Analysis Organizations (ISAO)
More informal than ISACs, ISAOs may organize based on region or interests, instead of economic sector. This flexibility allows partners to choose the right forums for sharing, given their goals.
Multi-State Information Sharing and Analysis Center (MS-ISAC)
This remains the only national cyber information sharing body dedicated to state-specific threats.
National Cybersecurity and Communications Integration Center (NCCIC)
Created in 2015 and operated by DHS, the NCCIC is intended to be the nation’s primary center for cybersecurity information sharing, linking all sectors of government and private industry.
Set up a single body for collecting and sharing cybersecurity information that is relevant to your state.
Many private sector entities possess information that can help the state defend its own networks, conduct proper oversight of regulated sectors and prepare for major cyberattacks. Such companies often express reluctance to collaborate due to concerns that sensitive data might become public record. North Dakota and Iowa recently amended their open records laws to fix this. Of course, cybersecurity needs must be balanced against the need for government transparency.
Overcoming these obstacles requires sustained, high-level attention from executives—a culture of information sharing starts at the top.