FS-ISAC automates threat assessments

The Financial Services Information Sharing and Analysis Center, issued an update on an industry initiative to automate threat intelligence sharing among financial services organizations.

“Over the last 18 months, we’ve worked with members and other industry organizations to architect the industry's first Cyber Threat Intelligence Repository to automate threat intelligence sharing for our members,” says Bill Nelson, president and CEO, FS-ISAC. “A first of its kind, this solution collects, analyzes, prioritizes, and shares threat information in near real-time within our sector. We are well on our way to delivering the first phases of this project, are investing heavily in development resources, and have a compelling multiyear roadmap that will transform how threat information is shared.

“Typically the time associated with chasing down any specific threat indicator is substantial,” Nelson continues. “Our goal with this automation solution is to help our industry increase the speed, scale, and accuracy of information sharing and speed time to resolution. This solution removes a huge burden of work for both large and small financial organizations, including those that rely on third parties for monitoring and incident response.” Dozens of members are participating in the first phase, Nelson adds.

Summary of Key Milestones

• Security Automation Working Group instituted; has led multiple meetings per month with extensive industry participation at all levels.

• Parameters finalized for a scalable, standards-and-open-source-based approach.

• Objectives set: designed to abstract the complexity of standards from the end user and designed for small, medium, and large financial services organizations. Completely open, transparent, and vendor-agnostic.

• Designed to support the needs of small financial institutions, including community banks, credit unions, hedge funds, and others.

• Set up communications framework: list server and code server as well as development methodology based on Agile programming approach.

• Alignment with DHS-sponsored, open community suite of languages and protocols, including STIX and TAXII for their ability to granularly describe threats and meet the sector’s immediate and future scalability requirements.

• Multiphase, multiyear development roadmap created. Project plan based on best-in-class enterprise technology development examples.

• Funding secured from members and partners of Financial Services Information Sharing and Analysis Center.

• Initial testing with open intelligence sources has collected a total of 6 million indicators.

• Version 1.0 released to pilot users last year—hub-and-spoke sharing model.

• Version 2.0 expected to be released in the second half of 2014 and will include capabilities like a Federated sharing model with many local repositories as well as actionable intelligence down to a security controls level.

• Working together with vendors and other ISACs to extend the capability into other sectors.

The Financial Services Information Sharing and Analysis Center, formed in 1999, is a member-owned nonprofit and private financial sector initiative. Its primary function is to share timely, relevant, and actionable physical and cyber security threat and incident information to enhance the ability of the financial services sector to prepare for, respond to, and mitigate the risk associated with these threats.