THE A-ISAC was created to meet the global need for safe, secure, anonymous cyber threat sharing within the aviation industry. Folllowing are some of the most frequently asked questions about the Aviation ISAC. Please email us if you would like more information.
What Is An ISAC?
Information Sharing and Analysis Centers (ISACs) were created as a result of Presidential Decision Directive 63 (PDD-63) in 1998. The directive requested the public and private sector create a partnership to share information about threats, vulnerabilities, and events to help protect the critical infrastructure of the United States. PDD-63 was updated in 2003 with Homeland Security Presidential Directive/HSPD-7 to reaffirm the partnership mission.
The National Infrastructure Protection Plan (NIPP)—NIPP 2013: Partnering for Critical Infrastructure Security and Resilience—outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes. NIPP 2013 represents an evolution from concepts introduced in the initial version of the NIPP released in 2006 and revised in 2009. The National Plan is streamlined and adaptable to the current risk, policy, and strategic environments. It provides the foundation for an integrated and collaborative approach to achieve the vision of: "[a] Nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted, and response and recovery hastened."
NIPP 2013 meets the requirements of PPD-21, Critical Infrastructure Security and Resilience, signed in February 2013. NIPP 2013 was developed through a collaborative process involving stakeholders from the 16 critical infrastructure sectors, all 50 states, and from all levels of government and industry. It provides a clear call to action to leverage partnerships, innovate for risk management, and focus on outcomes. (Download NIPP 2013 and its Fact Sheet in PDF).
Today there are ISACs for the 16 critical infrastructures, including transportation (of which aviation is a subsector), energy, electric, financial services, health care, and others.
How Long Has the A-ISAC Existed?
In 2012, the Aviation Sector Coordinating Council (ASCC) chartered the formation of an Aviation Information Sharing Working Group (A-ISWG) to examine the need for an Aviation Information Sharing and Analysis Center (A-ISAC). The A-ISWG charter acknowledged the international nature of aviation and included participation of global international members.
There was consensus that the community needed an Aviation ISAC and seven founding aviation members joined together and incorporated the A-ISAC as a 501(c)(6) nonprofit organization in September 2014.
What Does the A-ISAC Do?
The A-ISAC is a unique focal for relevant security information sharing for the aviation sector. We enhance the ability of our sector to prepare for and respond to security threats, vulnerabilities, and incidents so that aviation sector firms can best manage their business risks.
The A-ISAC gathers threat, vulnerability and risk information about security risks facing the aviation sector around the world. Sources of information include members, government agencies, academic sources, open source and other trusted sources. After analysis by our industry experts, alerts are delivered to participants based on their level of membership.
Why Should My Company Join the A-ISAC?
As a trusted member-driven organization, the A-ISAC offers frequent and relevant products for dissemination. The key feature is the ability to share timely, anonymized, and actionable intelligence among participants across the global aviation industry. Trusted member sharing is conducted in a secure, private manner that fosters collaboration and communication for the mutual benefit of the aviation community. Sharing with any governmental agency on other trusted third party organization on either an anonymous basis or a “for attribution” basis will be at the discretion of the member company providing the data.
Who Has Access to Data My Company Submits?
Full A-ISAC members have access to data for research and investigations. Our analysts use the database to establish trends, do research and investigations. Members can determine what data is shared and to whom. A key attribute of the A-ISAC is the confidentiality that can be provided to the member if they choose to remain anonymous. All information shared is anonymized unless attributed by the member. This is a voluntary process with the default being anonymization. The A-ISAC Intel Team works directly with each member if there is an issue or concern and supports each member if there are any questions about their submission of data.
Can a Domestic or International Government Agency Access the Data My Company Submits?
No government agency of any type in any country or law enforcement agency has access to member-submitted data without prior approval of the submitting member.
The A-ISAC will provide the appropriate government departments with sanitized data based on a need to know basis and with approval of the member submitting the data. The goal is to ensure all member data is anonymized unless member approved to self-identify.
Who Manages the A-ISAC?
The A-ISAC Board of Directors provides overall strategic leadership for the organization. Currently, the A-ISAC employs eight staff members to manage daily operations, implement member benefits, and promote the benefits of the organization.