NERC, Community-Owned Utilities Group Launch Information Sharing Partnership to Strengthen Grid’s Cyber, Physical Security
February 27, 2019
NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) and the Multi-State Information Sharing & Analysis Center® (MS-ISAC®) announced an agreement to improve information sharing among the organizations and their members with the goal of strengthening the cybersecurity of the nation’s critical electric infrastructure. The new agreement also deepens cooperation between the E-ISAC and the state and local government partners that the MS-ISAC represents. CIS® (Center for Internet Security, Inc.) is home to the MS-ISAC, and both are headquartered in New York. The Department of Homeland Security has designated MS-ISAC as the key cybersecurity resource for state, local tribal and territorial governments, including chief information officers, Homeland Security advisors and fusion centers.
“In a grid security emergency, effective and efficient coordination by industry and government to speed the recovery of critical infrastructure is an imperative,” said Bill Lawrence, NERC vice president and chief security officer. “This agreement with the MS-ISAC broadens the set of E-ISAC relationships with visibility and expertise on the cyber and physical security threats toward all levels of industry and government.”
“This agreement between the Electricity Information Sharing and Analysis Center and the Multi-State Information and Analysis Center will encourage information sharing and provide greater insight into current cybersecurity threats to those responsible for our nation’s electrical infrastructure,” said Thomas Duffy, chair of the MS-ISAC and CIS senior vice president of operations and services.
Through a variety of tools, both the E-ISAC and the MS-ISAC analyze potential physical and cybersecurity threats and use their respective secure portals to alert and advise members on mitigating threats. The goals of the E-ISAC and MS-ISAC under the partnership include:
- Improve security collaboration on common threat information and incident response.
- Provide joint analysis of security concerns and events.
- Advance shared processes for information sharing and situational awareness.
- Improve information sharing among all ISACs.
The E-ISAC and the MS-ISAC have agreed to use existing policies and procedures for safeguarding sensitive information under the partnership.