Cooperative models for ISACs
Information Sharing and Analysis Centres (ISACs) are non-profit organizations that provide a central resource for gathering information on cyber threats (in many cases to critical infrastructure) as well as allow two-way sharing of information between the private and the public sector. ISACs have created communities within the private sector. They could be oriented on a specific critical sector (e.g. finance, energy, health) or serve as a focal point on the national level to gather information about cyber incidents and analyse it.
Collaboration is a common objective of every European national cyber security strategy. Collaboration to enhance cyber security at all different levels i.e. information on threats sharing, awareness raising can be achieved in two formal structures: The Information Sharing and Analysis Centers (ISAC) and Public Private Partnerships (PPP). This year ENISA has conducted a study on Cooperative Models for Public Private Partnership (PPPs) and Information Sharing and Analysis Centers (ISACs), collating information on best practices and common approaches.
European ISACs are concentrated on building partnerships and trust between members. They are largely industrydriven, but governmental support is expected – not in terms of funding, but rather in facilitating functions (secretariat) and offering professional knowledge (fighting cybercrime, sharing information relevant for the industry). Participation of governmental bodies gives the ISAC an increased formality and also corroborates the public sector’s respect of industry needs and supports it in facing new challenges (e.g. NIS Directive and GDPR implementation).
For the full report, click here.