Several states have come together to create a multi-state information sharing and analysis center to share information and intelligence about cyber- and physical security threats. When all hell breaks loose, it’s good to have friends nearby. If those friends are in each of the 50 states, that’s even better. Several states have come together to create a multi-state information sharing and analysis center to share information and intelligence about cyber- and physical security threats. The ISACs’ aim: to open the lines of communication. “We want to help create a single point of contact between the states and the federal government,” says ISAC leader William Pelgrin, director of the New York State Office of Cyber Security and Critical Infrastructure Coordination. “Instead of relying on private sector ISACs for information on vulnerabilities, communication at the state level is a way to eliminate reporting redundancies and create another method to protect critical infrastructure.” ISACs serve as central collection points for new cyberthreats. They often represent industry sectors, and their members share and evaluate data on vulnerabilities. Until now, the states have worked with third-party ISACs but haven’t had a framework to communicate among themselves.Representatives from the multistate ISAC convene every month via teleconference to discuss new critical infrastructure vulnerabilities. They meet face-to-face once a year to solidify the group’s objectives and goals. So far, 14 states have joined, including Texas, Washington and all six New England states. Pelgrin aims to have all 50 states in the ISAC within a year.The group recently did a self-test of its reporting abilities to make sure each state knew what to do in case of a major incident or attack on critical infrastructure. During President’s Day weekend, each state kept an eye out for any suspicious cyberactivity and reported the findings to Pelgrin’s office in New York via phone and e-mail. No incidents occurred, but all the member states reported to the central office on time, and Pelgrin later sent summaries of each state’s results to all 14 ISAC members. “We wanted to test the system during a relatively calm time period,” Pelgrin explains. “I’d rather work out any bugs when nothing is on the line and then have confidence that the states know what to do in a crisis situation.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe