GM-ISAO

Global Manufacturing Cybersecurity Information Sharing EcoSystem

Global Manufacturing Cybersecurity Information Sharing EcoSystem

MOVING FROM A REACTIVE TO A PROACTIVE CYBER RESILIENCE STANCE

In today’s active cyber ecosystem, current “continuous monitoring” practices represent only one aspect of understanding the multiple layers that must be identified as possible risks to an organization.  The best practice defense is the identification of risks derived from the active real-time discovery and sharing of attack categories and countermeasure solutions by individuals working with multiple enterprise functions that enable and sustain uninterrupted processes across systems, assets and networks within and across sectors.

To enable and provide sustainable access to the benefits provided by a coordinated and collaborative Cyber Resilience EcoSystem leveraging trusted public- and private-sector assets and resources, the Global Manufacturing ISAO (GM-ISAO) was formed to break down long-standing barriers and silos to:

Hasten Global Manufacturing ISAO Implementation and Sustainability - Via Manufacturing Stakeholder Strategic Planning, ISAO Management, Operations, Technology
Advance Information Sharing & Coordinated Response - Manufacturing Sector and Cross-Sector Threat Intelligence Information Sharing, Intelligence Sightings Technology, Secure Response Communications, Analytics
Maturing Manufacturing Sector-Specific Cyber Resilience Operation Guidance - Supported by Role-Based Workforce Education

PRIORITIZING CYBER RESILIENCE PROTECTION INITIATIVES AND INVESTMENTS

The MPS-ISAO enables the prioritization of protection initiatives and investments to allow for cooperative and flexible coordination to ensure that both public- and private-sector resources to enable and sustain Manufacturing cyber resilience are applied where they offer the most benefit for mitigating risk.  Cohesion is achieved by bringing disparate systems into a sphere where they operate and interoperate broadly, while collaborating effectively in a distributed environment to allow agile response and rapid recovery. Leveraging the MPS-ISAO:

Results in a collaborative infrastructure that continuously reduces vulnerabilities, identifies threats, and inspires information sharing that minimizes the consequences of successful exploitation of critical assets, systems, and networks.
Increases protection through shared knowledge of agents, employees and stakeholders who communicate about incidents, sightings, and new technologies and techniques to mitigate the overall risks.
Begins the establishment of a CULTURE-OF-CYBERSECURITY supported by a governance structure, principles and underlying enablers of information exchange - allowing flexible coordination, accepted assessment processes, and the mechanisms to stand up collaboration groups based on Manufacturing communities-of-interest and emerging issues and challenges.
Integrates and aligns functional Corporate roles as ``Communities-of-Interest`` - Supported by a centralized operations systems continuously monitoring the enterperise, identifying cross-sector eco-system activity, evaluating risk, and designing effective strategies. This bottom-up approach allows for a stronger top-down return on investment.
Global Manufacturing Information Sharing & Analysis Organization (GM-ISAO)

Global Manufacturing Information Sharing & Analysis Organization (GM-ISAO)

THREAT INTELLIGENCE INFORMATION SHARING + COORDINATED RESPONSE

Cyber threats represent one of the most critical challenges we face on a global scale.  Moving from a reactive to a proactive stance to defeat cyber adversaries requires having the capacity and capabilities to respond to cyber risk. Leveraging the Global Manufacturing ISAO’s unifying coordinated information sharing and response infrastructure ensures integration of and access to existing and future protection strategies.

The complexity of coordinating organizational, sector and cross-sector cyber resilience efforts to defend against asymmetrical attacks on assets, systems and networks represents an expensive and complicated challenge, the nature of which limits the return on investment from current approaches that only provide a single overarching program to achieve cyber resilience and cybersecurity goals.  In today’s active cyber ecosystem, current “continuous monitoring” practices represent only one aspect of understanding the multiple layers that must be identified as possible risks.

The best proactive defense is the identification or risks derived from the active real-time discovery and reporting (information sharing) of attack categories and countermeasure solutions by individuals working with multiple enterprise functions that enable and sustain uninterrupted processes across systems, assets and networks.

The Global Manufacturing ISAO was established in 2016 via a collaborative partnership with Manufacturing stakeholders (large and small), the U.S. Department of Homeland Security, the U.S. Department of Commerce, state/local/tribal and territorial governments, the International Association of Certified ISAOs (IACI), academia and leading trusted security strategic partners.  

INTERNATIONAL ASSOCIATION OF CERTIFIED ISAOs (IACI)

The Global Manufacturing Information Sharing & Analysis Organization (GM-ISAO) is a Member of the International Association of Certified ISAOs (IACI).  IACI serves as the trusted “Center-of-Gravity” for the global community of ISAOs to advance cyber resilience information cooperation, collaboration and coordination within and across sectors, addressing interdependencies worldwide.  IACI represents a public/private collaborative partnership led by the private sector working in collaboration with government and international critical infrastructure stakeholders.

Advance Manufacturing Sector Cyber Resilience - Adding a New Layer of Cybersecurity
Working with Sector and Cross-Sector ISAOs, Identify Assets and Risks
Provide Cost Mitigation Strategies to Reduce Cyber Risk
Global Security Situational Awareness Center (GSAC) - NASA/Kennedy Space Center - Global Threat Intelligence Repository (Sector/Cross-Sector) - Automated Information Sharing
Coordinated Cyber Response Within and Across Sectors in Collaboration with Government
Manufacturing Sector-Specific Cyber Resilience Operational Guidance - Cybersecurity Roadmap
Manufacturing and Organization-Specific Role-Based Cyber Resilience Education