ISA's primary mission will be analyzing current and future threats to Internet operations. It will distribute that information to corporations without tipping off possible hackers. The group will also advise lawmakers around the world, create training seminars and compile a list of effective anti-hacking practices and policies that companies should follow.
ISA's founders and directors unveiled the group Thursday at a press conference. They held their first official meeting Monday.
"We're not saying we're launching and building something. We're announcing we're fully operational," said Dave McCurdy, ISA executive director and president of Electronic Industries Alliance (EIA). "Member companies can go in today and access our knowledge base."
ISA is jointly run by EIA and Carnegie Mellon University's Software Engineering Institute (SEI) and CERT Coordination Center. CERT investigates computer system vulnerabilities, and its research will be assimilated in ISA's base of knowledge.
"We've been tracking this problem and working on it since 1988, and just in the past three years we've seen a really dramatic increase in security incidents," said Rich Pethia, CERT's director.
"In late 1996, hacker tools became more automated and widely available. In 1999 we had about 9,000 incidents reported. In 2000 that number had jumped to over 21,000."
Network security holes are appearing at an increasing rate, Pethia said; 800 were reported last year, but CERT is on a pace to receive about 3,000 vulnerability reports in 2001.
This sort of problem requires a business-led solution, not a governmental one, McCurdy said. The biggest U.S. response, started by the Clinton administration in 1998, ended up being fragmented, complex and unfocused, he said.
"The solution has to be global, since this is a borderless issue," McCurdy said. "It has to reach the broadest scope of industries, whether it's financial services or manufacturing."
Allan Woods, chief information officer for Mellon Financial Corp., and ISA's industry chairman, said information was the world's new currency, and compromised data can damage a company's bottom line and its reputation.
"The ISA is going to give industries the ability to collaborate - and collaboration is a very essential component to building an overall information-security process," Woods said. "Those organizations that think they've figured it out and can go it alone, I believe, are in serious peril."
Pethia said ISA activities wouldn't detract from CERT's other work; funding from member companies, in fact, will eventually help expand the center's staff. Pethia also took issue with the idea of ISA being "shopping mall security," excluding law enforcement when dealing with a crime.
"We're not going to be a private guard of all the member companies; this is an information-sharing activity, not an investigative activity," Pethia said.
ISA doesn't plan to reach out to active hackers, Pethia said, and the group would look very cautiously at any overtures from that "black hat" community.
The ISA isn't the first corporate attempt at collaborating on security -- financial services firms formed an Information Sharing and Analysis Center (FS/ISAC) in 1999, among other efforts. The Nasdaq stock exchange is a member of both ISA and FS/ISAC, said Larry Bickner, Nasdaq's vice president of information security, and there's no conflict of interest involved.
"This isn't a competition, it's not about the differences between the two organizations," Bickner said. "We're rolling a big rock up a hill, and I'm not going to worry about how many people put their shoulder to the rock and start pushing. I'd accept five more organizations if it moved the rock."
In addition to Mellon and Nasdaq, ISA's founding members include American International Group, Enspherics, Exodus Communications, Guardent, Redleaf Group, TATA Consultancy Services in India, TRW and Verisign.
Companies can join ISA as a founding member at $70,000 a year, McCurdy said, and receive full access to the group's database. Lesser memberships range from $2,500 to $50,000, with corresponding database access. The group is starting recruitment and marketing efforts worldwide, he said.
Copyright 2001 by United Press International.
All rights reserved.
© 2021 Newsmax. All rights reserved.