In order to formulate an appropriate solution for the approach to cyber threats and vulnerabilities, various Information Sharing and Analysis Centres (ISAC's) have been established. ISAC's are public-private partnerships which have been organised per sector. Here the participants exchange information and experiences about cyber security. Analyses are also shared about situational awareness in particular sectors. This all mainly happens on a tactical level.
The cross pollination between the public and private sector provides added value for all participants. Another important added value for all participants is to build up a permanent network. Participants also know how to find each other outside the ISAC meetings to confer informally and to exchange knowledge.
How does an ISAC operate?
Every ISAC meets periodically: dependent on what the sector wants, from twice to eight times per year. Participants in an ISAC often play a pivotal role within their own organisation in the field of information security, ICT security and ICT policy.
Each ISAC is unique and has its own dynamic. Hence they determine their own eligibility criteria for the participating organisations and their personal representatives. Since specific membership guidelines have been drawn up for each ISAC, the requirements for participation vary per ISAC and per sector.
Generally the sharing of information is the most important function at each ISAC.
The role of the NCSC within the ISAC
Within an ISAC the NCSC fulfils two roles. The first role is being a substantive NCSC representative. Secondly, the NCSC fulfils the secretariat function within the ISAC. Two different people are appointed for these roles. The secretaries work in conjunction with the chairmen and members of the ISAC's to link up and to expand the ISAC's. The secretaries take care of the link with the NCSC organisation.
Which ISAC's are there?
An ISAC comprises various representatives from organisations in a particular sector. Routinely, three different public organisations are also associated: the NCSC, the General Intelligence and Security Service of the Netherlands (AIVD) and Team High Tech Crime of the National Police. They provide their own substantive expertise with regard to cyber security.
In the Netherlands the following sectors are active: Ports, Airports, Financial Institutions, Water Management, Multinationals, Telecom, Nuclear, Healthcare, Energy, Drinking Water, Managed Service Provider (MSP), Insurance and the National Government and Pensions. The chairmen of the various ISAC's meet up in a number of sessions every year to discuss the overarching themes with the sector
There are also a number of ISAC's being developed or which are still being planned. The establishment of an ISAC might arise either as an initiative of the NCSC or from the relevant sector.