What is an ISAC?
An Information Sharing and Analysis Center or (ISAC) is a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between the private and public sector.
The concept of ISACs was introduced in response to Presidential Decision Directive-63 (PDD-63), signed May 22, 1998, after which the federal government asked each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities. A similar construct, Information Sharing and Analysis Organization (ISAO), was created in 2015 to support industries that are not designated as critical infrastructure by the U.S. DHS.
What is the ME-ISAC?
The Media and Entertainment Information Sharing and Analysis Center (ME-ISAC) is a trusted member-driven community operating within the CDSA offering services. The ME-ISAC provides platforms and capabilities that enable member companies to share threat intelligence regarding incidents, risks, vulnerabilities, and threats.
Presidential Decision Directive-21 (PDD-21) identifies 16 critical infrastructure sectors and designates a federal agency in support of each. The Commercial Facilities sector is made up of eight sub-sectors, of which Entertainment and Media is one. The ME-ISAC was formed to support the companies that make up this specific critical infrastructure sub-sector.
Who can join the ME-ISAC?
Since the ME-ISAC operates within the CDSA, joining the ME-ISAC starts with joining the CDSA. Membership is open to all media and entertainment companies. The media and entertainment industry is comprised of businesses that produce film, television, radio, print, and digital streaming content, which includes movies, TV shows, radio shows, podcasts, news, music, newspapers, magazines, books, video games, and related or supporting services and products.
Does the ME-ISAC only serve U.S. companies?
No. The concept of an ISAC was born out of the U.S. government’s desire to share threat information more efficiently, but the concept has far outgrown serving a single country. The ME-ISAC membership has a global presence and supports media and entertainment companies from any country.
Why do we need this?
The Internet is full of bad actors that intend us all harm. These threats range from organized cyber crime groups that spread ransomware and steal intellectual property, to activist groups like Anonymous that steal and publish private information, to piracy groups that want to watch the latest movies and shows without paying for them. These bad actors often don’t care who the target is. If they attack any one of us, they are just as likely to attack the rest of us. The global aggregated costs of cyber crime have been rising sharply every year with no signs of slowing its growth.
The only way we can stay ahead of these bad actors is by sharing data amongst ourselves. If we are all sharing data about who is attacking us and how, when any one of our group is attacked all of the other members would be able to enable blocks against those attacks BEFORE they become the next target. This is cyber herd immunity. By sharing threat intelligence we can proactively block attacks before we experience them first-hand.
What are the data sharing restrictions?
The ME-ISAC follows the Traffic Light Protocol (TLP) created by FIRST and used by all the other ISACs. The TLP levels provide us a way to mark our threat intelligence products with data classification markers that easily identifies how and to whom the data can be shared. Some of the data we receive will be marked in a way that lets us freely share the data to anyone. Some of the data sourced from our members will be marked to only be shared within our group.