HomeInsightsSpotlightElection Security Spotlight — What Is an ISAC?

Election Security Spotlight — What Is an ISAC?

What it is

“ISAC” stands for Information Sharing and Analysis Center. ISACs pertain specifically to critical infrastructure sectors. They exist to protect the facilities, employees, and customers of critical infrastructure organizations. In addition, ISACs collect information from member organizations, analyze the information collected, and disseminate threat information to their member organizations along with recommended tools to mitigate the risk of any given threat. Most ISACs are concerned with more than just cybersecurity or physical security alone; rather, they take an all-hazards approach, including all types of emergencies. By design, ISACs are not federal government organizations but operate in the private sector, usually under the direction of nonprofit companies. The Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) are the only ISACs that receive annual federal funding from Congress.

Presidential Decision Directive-63 (PDD-63), which was signed on May 22, 1998, authorized each critical infrastructure sector to establish its own ISAC. The U.S. Department of Homeland Security designated elections as part of the nation’s critical infrastructure in January 2017. The following year, the elections infrastructure sector, made up of government and private sector representatives, approved the creation of the EI-ISAC at the Center for Internet Security (CIS®).

Why does it matter

ISACs are member-driven organizations, meaning that ISACs are governed by their members. EI-ISAC members include election officials, their trusted IT professionals, election associations, and supporting members (such as election technology vendors). By reporting cyber attacks, physical threats, and other disruptions they experience, the EI-ISAC is able to disseminate critical information to make others aware of such threats and recommended ways to combat or mitigate them.

 What you can do

Here are a few ways you can make the EI-ISAC a more valuable resource:

  • Ensure your jurisdiction is a member of both the MS- and EI-ISAC. Since local IT departments provide and support networks for many election offices, make sure that your jurisdiction’s IT department is a member of both the MS and EI-ISAC.
  • Encourage membership to neighboring jurisdictions that conduct elections. Feel free to share the following link to join and learn more: https://www.cisecurity.org/ei-isac.
  • Contact the CIS Security Operations Center (SOC) for assistance. The CIS SOC is available to help 24x7x365 regardless of whether you are utilizing EI-ISAC cybersecurity solutions. To contact the CIS SOC, call (866) 787-4722 or email [email protected].
  • If you see something, say something. If something looks suspicious to you, it likely is. Please reach out to the CIS SOC or law enforcement, whoever the appropriate contact is given the situation, to report incidents.
  • Contact us! The EI-ISAC team would love to speak with you. To learn more about the EI-ISAC and hear about our no-cost cybersecurity solutions, send an email to [email protected] to schedule a brief meeting.

Please contact us at [email protected] if you have any questions.

 

The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].