The Information Sharing and Analysis Centres (ISAC) is a concept introduced by a North American presidential directive - in May 1998 - aimed at improving the cybersecurity of infrastructures and national systems through the gathering, analysis, and sharing of information between operators and institutions considered essential to the regular economic and political functioning.
In the context of cybersecurity and a world of vertiginous developments, the following decades have reinforced the need for consistent and structured information sharing.
The organization of ISACs varies in structure and complexity, depending on the size, specific sector and purposes. Notwithstanding, the secretariat has historically proved essential to promoting the values and principles underlying the organizational effort, as it ensures permanent or regular interaction between the different stakeholders. Costs may be assured by mandatory dues, voluntary contributions or public subsidies.
Four are the fundamental goals of an ISAC:
-Development of skills and capacities.
But there are Sharing Centres of multiple natures and vocations: sectorial, public or private, national or international.
Some of the most relevant international examples are the European EU FI_ISAC and the global FI-ISAC (dedicated to the financial sector), the EE-ISAC (for the European energy sector), and the Aviation ISAC.
Currently, at the national level, there is the National Network of CSIRTs, which brings together incident response teams from the public administration, academia, financial, energy, communications and industry sectors, promoting a culture of security in the country, developing performance indicators and statistics — essential to the implementation of proactive and reactive measures — and stating recommendations in the context of large-scale incidents; and ISAC Madeira, which relies on the cooperation of professionals and experts, transversal to the public and private sector and that has contributed to creating a culture of regional and national cybersecurity.
It is the purpose of the Portuguese Cybersecurity Center to increasingly boosting the creation of Information Sharing and Analysis Centres within the scope of the most critical or sensitive sectors by promoting the trust unequivocally vital to the information sharing and debate among peers and by fulfilling the most pressing and adequate needs for its development.