SBN

The FS-ISAC at Twenty

The FS-ISAC (Financial
Services Information Sharing and Analysis Center) was launched in October 1999
by Treasury Secretary Lawrence Summers. It was the first such entity. Many
subsequent ISACs have used the FS-ISAC as their model. The idea for ISACs was
part of the 1998 PDD (Presidential Decision Directive) on Critical Infrastructure
Protection.

I
was honored to be on the team that made the FS-ISAC happen. My biggest
contribution was promoting its organizational structure, whereby the industry
would own and run the ISAC, would interface with the U.S. Treasury Department,
and would outsource the technology development and operation to a third party.
My second biggest contribution was to be part of the group that withstood a
push to close down the FS-ISAC during a difficult phase when the organization
appeared to be stymied.

We
started out originally with 14 institutional members—predominantly large
financial institutions—of which my firm, Pershing, was one. I had personally put
forward the idea of expanding membership by offering subscriptions that smaller
institutions could afford, but was voted down by other members of the Board of
Managers. Membership stayed flat at around 50 large financial institutions for several
years in the early 2000s. It wasn’t until December 2003, when Treasury provided
a $2 million infusion, requiring low-cost and no-charge memberships … see https://www.treasury.gov/press-center/press-releases/Documents/factsheet_js1048.pdf  … that the number of members spiked
upwards. According to the FS-ISAC website, there are now some 7,000 member
organizations in 50 countries. Still a long way from the 30,000 envisaged in Treasury’s
press release, but certainly an orders-of-magnitude improvement over the
original group of members.

As
mentioned, the Financial Services ISAC was the first and among the most
successful ISACs. Since then, many other ISACs have been created in other
sectors both domestically and globally. In addition to being the model for
other ISACs, the FS-ISAC has also spawned the FSARC (Financial Systems Analysis
& Resilience Center), which was formed in 2016 for the purpose of taking a
longer-term view.

The National Council of ISACs lists U.S. domestic
ISACs from some 20 sectors (see https://www.nationalisacs.org ).
This number does not include many ISACs formed in other countries.

As the FS-ISAC website states, at https://www.fsisac.com/20thanniversary

“Over
the last two decades, we’ve made cybersecurity intelligence sharing in
financial services a global priority, growing our peer-to-peer network of trust
to nearly 7000 member institutions around the world.”

This
is a tremendous accomplishment—kudos to all involved—and I am so pleased that I
played a role in the creation of the FS-ISAC. It is without doubt the highlight
of my career. May they go from strength to strength.


*** This is a Security Bloggers Network syndicated blog from BlogInfoSec.com authored by C. Warren Axelrod. Read the original post at: https://www.bloginfosec.com/2020/01/06/the-fs-isac-at-twenty/