Election Security Spotlight — What Is an ISAC?

What it is

“ISAC” stands for Information Sharing and Analysis Center. ISACs pertain specifically to critical infrastructure sectors. They exist to protect the facilities, employees, and customers of critical infrastructure organizations. In addition, ISACs collect information from member organizations, analyze the information collected, and disseminate threat information to their member organizations along with recommended tools to mitigate the risk of any given threat. Most ISACs are concerned with more than just cybersecurity or physical security alone; rather, they take an all-hazards approach, including all types of emergencies. By design, ISACs are not federal government organizations but operate in the private sector, usually under the direction of nonprofit companies. The Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC®) is the only ISAC that receives annual federal funding from Congress.

Presidential Decision Directive-63 (PDD-63), which was signed on May 22, 1998, authorized each critical infrastructure sector to establish its own ISAC. The U.S. Department of Homeland Security designated elections as part of the nation’s critical infrastructure in January 2017. 

Why does it matter

ISACs are member-driven organizations, meaning that ISACs are governed by their members. By reporting cyber attacks, physical threats, and other disruptions they experience, the MS-ISAC is able to disseminate critical information to make others aware of such threats and recommended ways to combat or mitigate them.

 What you can do

Here are a few ways you can make the EI-ISAC a more valuable resource:

  • Ensure your jurisdiction is a member of the MS-ISAC. Since local IT departments provide and support networks for many election offices, make sure that your jurisdiction’s IT department is a member of the MS-ISAC.
  • Encourage membership to neighboring jurisdictions that conduct elections. Feel free to share the following link to join and learn more: https://www.cisecurity.org/ei-isac.
  • Contact the CIS Security Operations Center (SOC) for assistance. The CIS SOC is available to help 24x7x365. To contact the CIS SOC, call (866) 787-4722 or email [email protected].
  • If you see something, say something. If something looks suspicious to you, it likely is. Please reach out to the CIS SOC or law enforcement, whoever the appropriate contact is given the situation, to report incidents.

Please contact us at [email protected] if you have any questions.