CI-ISAC Opens International Office at HSD Campus in The Hague

Cybersecurity is more successful when it is a team game rather than an individual effort, and information sharing plays a key role in this collaborative success. This is why Information Sharing and Analysis Centers (ISACs) have been set up around the world for critical infrastructure sectors. ISACs help industries share central information and resources to help combat cybersecurity threats across the sector. However, cybersecurity threats are usually sector agnostic and the siloed approach provided by ISACs as well as the political hesitancy has led to a lack of critical transparency and data availability. In his more than fifteen years in cybersecurity, Scott Flower together with David Robinson and David Sandell recognised this problem and understood he had to do something to help global cyber defences. 

Just last year, Critical Infrastructure Information Sharing and Analysis Centre, Australia (CI-ISAC Australia) was founded as “the world’s first cross-sector integrated approach to ISACs,” shared Scott. CI-ISAC Australia is now the basis for other national CI-ISACs as it solved one of the key problems in setting up such organisations, economic scale. Australia for example only has four major banks and less than 30 second-tier banks or financial institutions, making reaching a sustainable scale near impossible at a local level. CI-ISAC solved this by integrating all sectors into a single source, greatly increasing the scale possibility for each CI-ISAC. Not only did this allow for economies of scale, it opened a whole of nation approach that allows for more integrated and open information sharing.

Scott: “More than two-thirds of all cyber threats are third party or supply chain in nature. So if you are sharing well in any one sector, you are missing at least two-thirds of the information you need to defend yourself.”

In addition to the economic issue, there is an issue of sovereignty within classical ISACs. Because most large ISACs are run from single countries such as the US, companies are hesitant to share critical data and join purely out of regulatory compliance. Having individualised, sovereign national branches of ISACs through CI-ISAC, it eliminates the issue of control from an outside state.

CI-ISAC is hoping to open as many national, independently run branches as possible, with its international office (CI-ISAC International) based in The Hague.

Not-for-profit 

CI-ISAC International is a not-for-profit organisation that Scott hopes will function similar to the UN with each country’s CI-ISAC having equal say and representation within the international body. ISACs are faced with commercial issues when started as for-profit business and national security and regulatory conflicts when created by national governments. By creating CI-ISAC as an NGO, they are able to avoid such conflicts and build their organisation with a mission focused approached.

"Each national branch can “verify, check, and share all that intelligence at a sovereign national level, but then also sharing it globally. This is when you start to really understand the threat actor picture at a global scale, and is when everyone’s able to share in a trusted environment and have transparent oversight,” as explained by Scott.

Landing in The Netherlands 

When looking at where to open an international, enablement entity, the Netherlands was at the top of CI-ISACs search. Scott pointed to The Hague as the best fit due to the presence of the International Court of Justice and the International Criminal Court and its place as the home of international law. With assistance from Innovationquarter, Security Delta (HSD), and their new home at HSD Campus, Scott has been supported in accessing different governmental networks, funding opportunities, and bringing attention to CI-ISAC’s mission. Their motto “Trusted local, equals trusted global” encapsulates their mission and relays the importance of national CI-ISACs together with their international NGO in The Hague.

The official launch of CI-ISAC International took place during the ONE Conference on 1 & 2 October in The Hague together with the deputy mayor of The Hague. Their official website will be launching soon but if you would like to learn more about about CI-ISAC, CI-ISAC Australia website can be found here.

Source: InnovationQuarter