Managing trust in critical infrastructure protection information sharing systems

In North America and Asia Pacific countries, private sector companies, non-profit organizations and governments are developing partnerships to protect national critical infrastructures, such as electricity, energy, financial services, healthcare, information technology, telecommunications, transportation, and water systems. This paper discusses the operation in the United States of Information Sharing and Analysis Centers (ISACs), trusted information sharing systems which communicate alerts, vulnerabilities, and best practices and ensure coordinated incident response in critical infrastructure sectors. It describes operational and policy requirements and issues identified by the Council of Information Sharing and Analysis Centers (ISAC Council) for successful and trusted deployment of such information sharing systems, including the operational relationship of ISACs to U.S. government systems. It also discusses security and privacy issues which these systems must address to ensure widespread adoption and effectiveness.