Alternative sharing alliance gains traction

As proponents of the Information Sharing and Analysis Centers (ISACs) hustle to make a business case for participation from more government and business players — an effort viewed as critical to attracting new members — the Internet Security Alliance (ISAlliance) is piping up with an ISAC alternative.

In this era of corporate belt tightening, money is an issue for companies thinking about joining an ISAC. And for a good many of these corporations — especially newer Internet or e-commerce companies — so is voluntarily handing over any kind of information to such an imposing government figure as the FBI, which currently houses the National Infrastructure Protection Center.

"Why did companies join ISACs in the first place? One factor was a great deal of pressure from government to do that," said Dave McCurdy, president of the Electronic Industries Alliance (EIA), and executive director and one of the founding members of ISAlliance, which is decidedly not as closely affiliated with government as are the ISACs.

EIA, along with Carnegie Mellon University's Software Engineering Institute and CERT Coordination Center, set up ISAlliance in April 2001 and bill the effort as single portal for threat reports, best security practices and risk management strategies.

Trying to be more proactive is a main difference ISAlliance executives tout in comparing their threat-warning model with the ISACs. Other differentiators include the breadth of information circulated to members, since the data is not limited by industry. The group also points to the historical software vulnerability and intrusion data kept on hand for members.

Now more than 50 members strong, ISAlliance last fall garnered endorsement from the World Bank, which issued a white paper titled "Electronic Security: Risk Mitigation in Financial Transactions." In it, the bank pointed to the ISAlliance as the best-suited public/private partnership for critical information sharing.

While McCurdy and others acknowledge ISAlliance's inherent competition with the ISACs — mostly because member funding and homeland security monies are so scarce — many do not negate the need for both information-sharing initiatives.

For instance, Guy Copeland, a Computer Sciences Corp. vice president who is on the board of directors for the information technology industry's ISAC, identified a key difference between ISAlliance and ISAC missions: ISAlliance is geared toward more technical IT security staffs, while the ISACs are aimed at business leaders. It should be noted, however, that CSC is an associate member of the ISAlliance.

"It may end up that in the end, there is room for both or a need to combine," Copeland said. "I certainly don't dismiss [ISAlliance's] efforts. They are doing a good job, especially with technical analysis."


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.