Information Sharing and Analysis Centers (ISACs)
Information Sharing and Analysis Centers (ISACs) are non-profit organizations that provide a central resource for gathering information on cyber threats (in many cases to critical infrastructure) as well as allow two-way sharing of information between the private and the public sector about root causes, incidents and threats, as well as sharing experience, knowledge and analysis. In many EU Member States, ISAC or similar initiatives exist.
European legislations like the NIS Directive and the Cybersecurity Act nourish the creation of sectoral ISACs and PPPs within the EU. The NIS Directive among others separates the operators of essential services in sectors and tasks the operators to implement requirements on incident reporting. The creation of sectorial ISACs at national level could further assist with the implementation of these provisions. During the transposition of such European legislation to national law, these communities could be further informed and advised by policy makers.
Information sharing between national stakeholders but even in cross country cases is one important aspect for cyber security. Knowledge on tackling cyber attacked, incident response, mitigation measures and preparatory controls can be shared between the relevant stakeholders.
ENISA invested on this objective and provides good practices and recommendations:
- Information Sharing and Analysis Center (ISACs) - Cooperative models
- Incentives and Barriers to Information Sharing
- Good Practice Guide on Information Sharing
Cooperative Models for Information Sharing and Analysis Centers (ISACs)
In 2017, ENISA published a study on Cooperative Models for Information Sharing and Analysis Centers (ISACs), collating information on best practices and common approaches. ISACs are trusted entities to foster information sharing and good practices about physical and cyber threats and mitigation.
In this report the most common approaches are categorized in three different models: the country focused, the sector specific and the international structures.
According to the study the main objectives are:
- To provide information about the ISACs in Europe through collecting information on the current status of ISACs and to identify main models of this type of collaboration;
- To identify current challenges that both the private and the public sector face in the process of setting up and developing ISACs;
- To formulate and propose recommendations to enhance the sophistication of ISACs in Europe;
- To investigate the potential role of ENISA in the creation of Pan European ISAC.
Incentives and Barriers to Information Sharing
In 2010, ENISA worked on a report that analyses barriers and incentives for information sharing in the field of Critical Information Infrastructure Protection (CIIP). Findings indicate that many of the barriers and incentives commonly identified in the available literature are of relatively low importance to security officials working in Information Exchanges (IEs).
According to the study the most important are:
- Economic incentives stemming from cost savings;
- Incentives stemming from the quality, value, and use of information shared;
As most important barriers were identified:
- Poor quality of information;
- Misaligned economic incentives stemming from reputational risks;
- Poor management.
Good Practice Guide on Information Sharing
In 2009, ENISA issued its Good Practice Guide (GPG) on Information Sharing. It aims at assisting Member States and other relevant stakeholders in setting up and running Network Security Information Exchanges in their own countries.
The main characteristics of such a platform are:
- Regular, face-to-face meetings comprising 20 and 30 high level security experts;
- Government role is instrumental in setting up and running an NSIE together with industry;
- Addresses strategic issues (e.g. major/critical disruptions) rather than operational ones;
- Participation is free of charge, new members require unanimous agreement from existing members;
- It should provide incentives to members to participate;
- It should respect members commercial sensitivities related to the disclosure of information to competitors and/or regulators;
- Emphasis is on information exchange rather than on information transfer.