Cooperative models for ISACs



Information Sharing and Analysis Centres (ISACs) are non-profit organizations that provide a central resource for gathering information on cyber threats (in many cases to critical infrastructure) and allow two-way sharing of information between the private and the public sector. ISACs have created communities within the private sector. They can be oriented towards a specific critical sector (e.g. finance, energy, health) or serve as a focal point at the national level to gather and analyse information about cyber incidents.

Collaboration is a common objective of every European national cyber security strategy. Collaboration to enhance cyber security at all levels (i.e. sharing information on threats, awareness raising) can be achieved in two formal structures: Information Sharing and Analysis Centers (ISACs) and Public Private Partnerships (PPPs). This year ENISA has conducted a study on Cooperative Models for Public Private Partnership (PPPs) and Information Sharing and Analysis Centers (ISACs), collating information on best practices and common approaches.

European ISACs are focused on building partnerships and trust between members. They are largely industry-driven, but governmental support is expected – not in terms of funding, but rather in facilitating functions (secretariat) and offering professional knowledge (fighting cybercrime, sharing information relevant for the industry). Participation of governmental bodies gives the ISAC increased formality, corroborates the public sector’s respect for industry needs and supports industry in facing new challenges (e.g. NIS Directive and GDPR implementation).

For the full report, click here.

EE-ISAC at OECD Going Digital

The EE-ISAC was invited by the OECD to take part in the Workshops on Digital Security and Resilience in Critical Infrastructure and Essential Services in Paris on February 15th and 16th.

On behalf of EE-ISAC, Johan Rambi (Board Member) joined the panel on Digital Security Risks to Government and Public Services to disseminate best practices on international collaboration and public-private partnerships (PPP). Specifically, EE-ISAC was able to contribute to governments under threat by showcasing best practices of how private companies are able to contribute to the discussion of cybersecurity. In addition, cross-national collaborations can help individual governments prepare for and, in some cases, even prevent cyber attacks on energy.

On the panel focusing on cybersecurity across various sectors, Mr Rambi was joined by Steve Casapulla (Acting Branch Chief for International Affairs, Office for Cybersecurity and Communications, Department of Homeland Security (US)) and Chaetae Im (Senior Researcher at Korea Internet & Security Agency, Korea Internet Security Centre). The panel was introduced by Jack Radisch (Senior Project Manager, OECD High Level Risk Forum) and was moderated by Stephen Davies (Strategic Technology Partners, FireEye).

About the OECD: The Organisation for Economic Co-operation and Development (OECD) provides a forum in which governments can work together to share experiences and seek solutions to common problems. The OECD works with governments to understand what drives economic, social and environmental change. More about OECD Going Digital.


Introduction to the concept of Hybrid Threats


Georgios Giannopoulos (Scientific Officer, European Commission, DG Joint Research Centre) will be speaking at the EE-ISAC Expert Seminar on 7 September. He will provide us with an introduction to the concept of Hybrid Threats.

Hybrid Threats

Hybrid Threats can be defined as a mixture of coercive and subversive activities, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare. Hybrid Threats are also a hot issue within the EU, and critical infrastructures (including energy) have a central role in this field.

Framework for Industrial and Automation Control Systems

Furthermore, the work that the DG Joint Research Centre (JRC) is conducting towards a certification framework for Industrial and Automation Control Systems will be presented. This work is part of the support that the JRC provides to the Directorate-General for Communications Networks, Content and Technology (DG CONNECT), and it is particularly relevant to the recently adopted NIS Directive. Finally, an update on the Incident and Threat Information Sharing EU Centre (ITIS-EUC) will be provided.


The EE-ISAC Expert Meeting is organized in collaboration with the Thematic Network on Critical Energy Infrastructure Protection (TNCEIP). TNCEIP is an initiative by DG ENER and supported by DG JRC. The aim of this network is to connect electricity, oil and gas operators and also transmission & distribution companies to

EE-ISAC and TNCEIP are welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar.


Accomplishing a mature cyber security culture: how to empower employees as your First Line of Defense?


Like any other grid operator, EDP Distribuição has the responsibility to protect its critical energy infrastructure. What can we learn from their strong focus on cultural change?

EDP strongly believes that it can only be successful if it fosters and elevates both cyber security and data protection from a merely technical challenge to an overall organization objective, achieved through a deep cultural change and a general understanding of what is at stake.


Top-down commitment & common values

To accomplish such a mature cyber security culture, EDP aims to ensure a top-down commitment and establish common values and behaviors by continuously improving security awareness and training.

Therefore, EDP has established a Cyber Security cultural shifting program assuring that its employees are the first line of defense against cyber threats. The program encompasses different training and/or awareness initiatives considering the specificities of the various target audiences.


Presentation at EE-ISAC Expert Meeting (7 September, Athens)

Aurélio Blanquet (Director of Automation and Telecommunications) & Nuno Medeiros (Head of OT Cyber Security) will share their vision and explain how EDP is:

  • empowering its employees as the First Line of Defense
  • using their Training and Awareness Program on Cyber Security of Critical Information Infrastructure (CII)
  • enhancing its cyber resilience with the Cyber Range Platform

On behalf of all EE-ISAC Members, EDP Distribuição is welcoming European utilities to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape. Click here for more information about the seminar, including the session in collaboration with TNCEIP and the afternoon session with a country focus on Greece.


Please note: registration is open to utilities only. 



The missing link in protecting critical facilities


How does one tell if unusual traffic on the network originated from a malicious insider, malware or some rogue device attached to the network?

And can you tell whether a legitimate maintenance worker entering and exiting a facility only performed the task he was supposed to do and not something “extra” because he has been bribed, threatened or simply made a mistake?

Kayato Sekiya, Principal Researcher at NEC, argues that answering the above types of questions is difficult since two critical properties are missing from most security systems:

  1. Integration of cyber security and physical security
    Conventionally, IT cyber security, control system cyber security and physical security have been monitored by separate departments using independent systems, which has resulted in a lack of situational awareness and of strict policy enforcement.
  2. Segregation in monitoring of automated processes and human-intervened tasks
    Automated processes and human-intervened tasks intrinsically have very distinct security requirements. Automated processes, even if suspicious, should never be blocked. However, each human-intervened task should be authorized before execution, and any suspicious activities in general should be escalated to a higher authority and blocked until explicit security clearance.


The approach of Automated Processes Monitoring & Human-Intervened Task Monitoring

At the EE-ISAC Expert Seminar in Athens, Mr Sekiya will be discussing the above and explaining how to deal with these challenges following the approach of

  • Automated Processes Monitoring: Automated learning of “benign process” model and detection of “malicious processes” through network / application anomaly detection.
  • Human-Intervened Task Monitoring: Continuous monitoring, recording and restriction of workers’ behaviors across physical and cyber space based on identity and authorization.

For human-intervened task monitoring, a case study will be discussed in which security administrators were able to view and control a worker’s activities across physical and cyber space. Workers were then required to follow a specific sequence of activities that is defined by the work order.
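
The policy split described above, sketched as an added example (not NEC's system and not code from the seminar): anomalies in automated processes raise an alert but are never blocked, while a human task must match the next step of the worker's work order across physical and cyber events, or it is blocked and escalated until cleared. The class names, worker ids, work order and events are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class WorkOrder:
    steps: list         # ordered (domain, action) pairs the worker may perform
    done: int = 0       # index of the next expected step
    held: bool = False  # True while awaiting explicit security clearance

@dataclass
class Monitor:
    orders: dict = field(default_factory=dict)       # worker id -> WorkOrder
    escalations: list = field(default_factory=list)  # alerts and blocked tasks

    def automated(self, process, anomalous):
        # Automated processes are never blocked; an anomaly only raises an alert.
        if anomalous:
            self.escalations.append(("alert", process))
        return "allow"

    def human(self, worker, domain, action):
        # A human task runs only if it is the next step of the worker's order.
        order = self.orders.get(worker)
        if order and not order.held and order.done < len(order.steps) \
                and order.steps[order.done] == (domain, action):
            order.done += 1
            return "allow"
        if order:
            order.held = True  # freeze the order until clearance
        self.escalations.append(("blocked", worker, domain, action))
        return "block"

    def clear(self, worker):
        # Explicit clearance from a higher authority lifts the hold.
        self.orders[worker].held = False

def run_demo():
    # Constructed work order and events, for illustration only.
    m = Monitor()
    m.orders["w-17"] = WorkOrder([("physical", "badge_in"), ("cyber", "login:rtu-12"),
                                  ("cyber", "read_config:rtu-12"), ("physical", "badge_out")])
    out = [m.automated("historian-poll", anomalous=True)]
    for step in [("physical", "badge_in"), ("cyber", "login:rtu-12"),
                 ("cyber", "write_setpoint:rtu-12"), ("cyber", "read_config:rtu-12")]:
        out.append(m.human("w-17", *step))
    m.clear("w-17")
    out.append(m.human("w-17", "cyber", "read_config:rtu-12"))
    out.append(m.human("w-99", "physical", "badge_in"))  # no work order on file
    return out, m.escalations

if __name__ == "__main__":
    print(run_demo())
```

Once the out-of-order setpoint write is blocked, even the next legitimate step stays blocked until `clear()` is called, which mirrors the "blocked until explicit security clearance" requirement.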


EE-ISAC Expert Seminar on 7 September (Athens)

Mr Sekiya is presenting during the EE-ISAC Expert Meeting. On behalf of all EE-ISAC Members, ENISA is welcoming European utilities in Athens to join this free-to-attend seminar on trusted cyber security information sharing within the European energy landscape.

Click here for more information about the seminar, including the full-day, free-to-attend programme.


Please note: registration is open to utilities only.