Boston: US retailers are planning to form an industry group for collecting and sharing intelligence about cyber-security threats in a bid to prevent future attacks in the wake of last year’s big attack on Target Corp.
The National Retail Federation has said it will establish an Information Sharing and Analysis Centre, or ISAC, for the retail industry in June. ISACs are industry groups that typically run security operations centres that operate around the clock, providing alerts about emerging threats to their members and sharing information provided by law enforcement and other government agencies.
They are set up under terms of a 1998 US presidential directive to foster sharing of security information between the public and private sector. There are more than a dozen such organisations among industries including financial services, emergency services, healthcare, technology companies, public transportation and utilities.
The financial services industry ISAC, which is widely considered the most successful group of its type, will help retailers set up the new organization.
Retailers have been under pressure from Congress and consumers to bolster security since the attack on Target, which resulted in the theft of some 40 million payment card numbers and another 70 million customer records, which were uncovered late last year. After the breach was uncovered, retailers privately complained that they had difficulty obtaining information from law enforcement about what had happened and how to thwart follow-on attacks.
In January, the Department of Homeland Security produced a report titled ‘Indicators for Network Defenders’ that contained information about its secret investigation into the Target breach. It was released through the Financial Services ISAC and other routes, but some retailers had trouble obtaining it because the industry lacked an established group for sharing information on cyber-threats.
The new ISAC will also allow retailers to share tips on fighting hackers, which the industry hopes might prevent future attacks and make consumer data more secure. “It will allow them to talk to each other about things are hitting them, to know quickly if other people are experiencing the same things and if they’ve found good defences that they can tell each other about,” said Alan Paller, founder of SANS Institute, a non-profit group that trains security professionals.