Plans for the IT Information Sharing and Analysis Center (IT-ISAC) were detailed at the U.S. Department of Commerce in Washington by government officials and representatives from participating vendors such as Cisco Systems Inc., Computer Sciences Corp. (CSC), IBM, Hewlett-Packard Co., Microsoft Corp. and Oracle Corp.
A group of 19 technology vendors last week took a long-awaited step aimed at improving data security procedures by announcing the formation of an alliance aimed at sharing information about viruses and other potential threats to corporate and government computer networks.
The Team: 19 founding members from the hardware, software, e-commerce and security industries, including AT&T, Cisco, IBM, Intel, Microsoft and Oracle
The Mission: Monitor and exchange information on potential and known threats and vulnerabilities to corporate and government computer systems
The Reason: National cybersecurity is the one national security challenge that the federal government doesn't have the expertise or the resources to combat on its own
How It Will Work: Internet Security Systems will operate the IT-ISAC and will share warning and threat information with federal law enforcement and possibly intelligence officials, as called for
Their goal is to set up a secure mechanism for companies to exchange information about security vulnerabilities with one another and with government agencies.
Internet Security Systems Inc., an Atlanta-based vendor of security management software, will operate the new virtual data-sharing center under the oversight of a board of directors drawn from many of the founding companies. Other companies will be able to join the IT-ISAC initiative for $5,000 per year.
Outgoing Commerce Secretary Norman Mineta said sharing information about network intrusions, security vulnerabilities and measures that companies can take to protect their systems is one of the best ways to safeguard IT infrastructures. It also helps businesses and the government respond more rapidly to attacks, he said.
The IT-ISAC is the fourth such private-sector alliance to be formed, joining similar initiatives in the banking, electricity and telecommunications industries. The establishment of the technology industry alliance comes more than two years after the Clinton administration first urged companies to join the government in efforts to protect critical infrastructure from both physical attacks and cyberattacks.
Mineta, a former CEO of Bethesda, Md.-based Lockheed Martin Corp., called the commitment to information sharing "a very courageous thing to do" on the part of the 19 founding companies.
"The last thing that a corporate executive wants to do is share information about his own company with the competition," said Mineta, who has been nominated by George W. Bush to take over as the next secretary of transportation.
In addition to legislation that has been introduced in Congress that would make propprietary data shared by companies with the government exempt from the Freedom of Information Act, the national security community is working to develop trusted paths for exchanging sensitive and classified information.
Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism at the National Security Council, said there's no reason why the government can't share classified information on cybersecurity with the IT-ISAC. The initiative is "a key element of the government's cooperation with industry," he said.
The IT-ISAC is "the first step to real change" in sharing security-related information more widely, said Tim Atkin, a security consultant at SRA International Inc. in Fairfax, Va., and a member of the federally organized National Partnership for Critical Infrastructure Protection. But, he added, the initiative's success will be measured by the number of companies that agree to participate.
This story, "Tech vendors, Feds join to share security information" was originally published by Computerworld.