A guide to ISAOs and technology: the top 10 things you need to know

Confused about what the technology behind the cybersecurity executive order means? Here are the top 10 things you need to know.



1 Trust

Without its users’ trust, an ISAO (Information Sharing and Analysis Organisation) can only ever be a one-way medium, with information being published from the centre and consumed by an unknown number of users. Creating a trusted environment where users feel safe sharing information about the issues they are facing allows them to collaborate and share knowledge, improving the level of knowledge in the organisation and helping out others in need.

2 Federation

ISAOs will be found in industries large and small, from states to counties and, as such, will need to invest and grow their systems independently, yet still be able to quickly share information between them. Federation provides for this separation by using commonly understood standards and formats for information, allowing one ISAO to develop a system tailored to their members, yet not lose the valuable ability to collaborate with others.

3 Interoperation

By choosing to base an ISAO system on open standards, the organisation can be assured that their systems will interoperate with those of their members. Commonly understood interfaces such as REST combine with higher-level classification and workflow tools such as STIX and TAXII, and Traffic Light Protocols ensure members can share safely and accurately from their own systems, directly into the ISAO hub.

4 Collaboration

Collaboration is easier than ever with modern web technologies and devices. Easy access to efficient notification systems allows ISAOs and their communities to respond in real time to issues their membership is experiencing. Rich collaboration environments, allied with contemporary web technologies, provide the opportunity for geographically (and even temporally) disparate groups of members to come together, share knowledge and help each other. Creating a hub where members can share information and knowledge provides an ever-enriching base of information for the ISAO, further increasing its value to its members. When federation is added, even more knowledge can be brought to bear.

5 Co-operation

Fostering a spirit of co-operation amplifies the membership value of an ISAO. Sharing is a two-way street, and having members share details of issues they are facing, and allowing other members to add their knowledge, increases the value of all members in the group, as well as increasing the knowledge level of other ISAO groups. When allied with federation, a rich and diverse pool of knowledge and experience is made available to members and, with a spirit of co-operation, these members can collaborate from miles away to keep their systems up and running.

6 Support

A strong benefit of the ISAO approach is that organisations can be constructed in a way that reflects their membership. If, for example, an ISAO were composed of mobile-oriented companies, then an ISAO that functions well on mobile clients would be appropriate. This allows for tailoring of software, processes and user experiences to encourage the engagement of the membership. For an ISAO, that dialogue with its membership is important, so it is key to provide clear, well-known channels for feedback from members, ensuring their support and co-operation.

7 Responsive

The speed with which an ISAO can respond to an issue is critically important. Being able to respond to issues as they arise, and to draw on the knowledge of local and federated members in an accurate, timely way is crucial to successfully resolving an issue.

8 Technology

Processing the often large amount of information passing through an ISAO is an ideal fit for contemporary technology, both open-source and proprietary. The advantages of open source lie in its auditability, its community, and, of course, its cost. Open-source solutions also allow ISAOs to contribute back modifications and customisations that are useful to their members, in the hope they have more than one application, and can foster further community knowledge of common issues experienced when deploying such technology.

9 Protection

Information surrounding critical national infrastructure is sensitive, so ISAOs that deal with these sorts of members – telecoms, energy, security – must be assured that their communications, identities and content will remain safe and secure. PCII information is protected from FOI requests, but, at a physical level, the software and processes in use on the ISAO systems must conform to best practices around disclosure and sharing radii. Traffic Light Protocols are an established way of informing the user who they’re sharing with and, perhaps more importantly, who the user can share this particular piece of content with.

10 Inclusive

ISAOs should be aware of the variety of members they should attract, ensuring that the industries or groups they represent accurately reflect the range of skills, approaches and attitudes of their members. There should be room for the expert to help the novice, and for a non-profit organisation to provide information to a for-profit organisation. Participation is key to creating a co-operative, collaborative community, and ISAOs should take steps to assess and monitor participation levels, and look at what could be done to maintain and expand their memberships.