Why intelligence sharing is vital in the world of cyber defence

By John Lee

John Lee, APAC Managing Director of the Global Resilience Federation, discusses how intelligence sharing can help organisations guard against today's security risks.

The great acceleration brought about by ‘Industry 4.0’ has generated huge efficiencies. In areas like energy and shipping, the use of “smart” technologies has benefited companies by optimising performance, enabling remote monitoring, and heightening awareness.

It has also created new risks. When Industrial Control Systems are built without technology that is developed in concert, there are interconnectivity gaps that can be exploited by bad actors.

This is a growing concern about this weakness from organisations’ security leadership. There have been numerous breaches where an adversary compromised industrial systems by accessing enterprise systems leveraging smart tools.

There have also been cases of supply chain penetrations where equipment was compromised by threat actors with backdoors and malware installed for future exploits.

The need for Information Sharing Analysis Centers (ISAC)

As digital threats have increased in the last few decades, government and industry have responded to safeguard their citizens and customers. One of the most effective methods has proved to be the “ISAC” model.

Information Sharing and Analysis Centers (ISACs) were first established in 1998 in the United States from Presidential Decision Directive 63. The directive was issued to protect U.S. Critical Infrastructure industries like energy, water, and healthcare against cyber-attacks.

Since then many industries, nations and regions have adapted the ISAC model through which organisations threatened or impacted by a cyber-attack can share details to a central hub of analysts who warn other organisations in the ISAC community so they can prevent or mitigate similar threats.

With the advancement of technology, we have seen the automation and connection of physical systems to IT networks. These connected systems are then increasingly vulnerable to cyber-attacks that could impact important services.

Operators of Critical Infrastructure were encouraged to set up ISACs to share information about vulnerabilities, threats, incidents, and anomalies. The ISAC facilitates sharing of information between operators, industry, regulators, and other parties in a trusted community.

In Asia Pacific there are now a few sharing communities that focus on sectors like Maritime, ICT and Electricity.

Singapore’s Operational Technology ISAC

The Operational Technology Information Sharing and Analysis Centre (OT-ISAC) was launched on 1st October 2019 to serve sectors using OT systems, to protect them against cyber-attack through mutual cooperation.

It is part of the Singapore Operational Technology Cybersecurity Masterplan, mentioned under key pillar 2 which is information sharing. OT-ISAC is an independent organization and is connected to the Global Resilience Federation (GRF) network of other information sharing communities with members all over the world.

The OT-ISAC mission is to help critical asset owners increase the cyber resilience of their operations and assets through relevant and timely cyber-physical threat intelligence sharing that is contextualized to their threat profile.

OT-ISAC also partners with other associations, vendors, manufacturers, regulatory and enforcement agencies. Members benefit from the engagement of the partners through OT-ISAC by extending their threat awareness and access to tools and intelligence.

Beyond acquiring warning of threats, OT-ISAC also facilitates the discussion and sharing of best practices within the sectors. OT-ISAC is onboarding new members in Singapore and ASEAN in its 1st phase. There are plans to onboard members from other countries in Asia Pacific and even to grow the community beyond.

Stronger together

Information sharing is one of the best ways to increase the cyber resilience of organizations operating in Critical Infrastructure sectors. By receiving relevant and timely intelligence, information sharing allows an organization to take action to prevent a breach or attack.

In the ISAC community of trust, members can share freely with the assurance that members will abide by confidentiality rules for the protection of reputation and adherence to privacy laws.Members may share anonymously, and information is contextualized to the operating environment of the sector.

The community of members and partners work together to solve immediate cybersecurity problems and look at long term strategy with regards to critical infrastructure protection against cyber-physical threats.

Rapid digitalisation yields enormous benefits. With cooperation, intelligence sharing, and partnerships through the ISAC community, these benefits can be enjoyed without suffering enormous costs.