The Johns Hopkins University Applied Physics Laboratory (APL) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have announced efforts to operationalize the Integrated Adaptive Cyber Defense (IACD) framework for cybersecurity automation, orchestration and information sharing.
This initiative will enable companies, including those in the financial services sector, to improve the ability to quickly and broadly share information and prevent and respond to cyberattacks. Developed by APL in collaboration with the financial industry under sponsorship of the Department of Homeland Security (DHS), IACD has demonstrated dramatic reductions in the time needed to detect and respond to cyberevents, while increasing cyber investigation capacity.
The IACD framework helped reduce investigation and response time from 11 hours to 10 minutes. In some instances, the time for preapproved responses was down to one second. IACD also enabled an operations team handling 65 events per day to automatically process up to 95 events at the same time.
IACD focuses on combining and coordinating commercial technologies in new and adaptable ways to respond to cyberthreats. The IACD framework provides a path to expand the speed and scale of existing cyberdefenses through adjustable use of automation combined with enhanced support to operators. It defines a set of services and information allowing defenders to selectively:
- Interconnect multiple sources of information
- Automate risk determinations and the decision to act
- Synchronize incident responses to assure business continuity, and
- Automatically share with and derive knowledge from communities of trust.
Collaboration with the financial sector on IACD operationalization will allow critical national infrastructure members in the private sector to leverage existing technologies to improve security and resilience.
In three years of development, APL has integrated more than 50 commercially available security and information technology management products, information feeds and cybersecurity services into the IACD framework. In 2016, APL provided technical assistance and consultation to the first financial institution implementation of IACD.
"This partnership represents the scaling and adoption of the IACD framework," said Wende Peters, APL's Principal Technical Lead for Integrated Cyber Defense and lead of the IACD initiative. "Enabling a critical infrastructure sector to leverage scalable, adaptive defenses is a natural extension of our role as a university-affiliated research center — ensuring that challenges crucial to national security are addressed."
Following the success of these initial publicâ€“private partnerships, the FS-ISAC endorsed expanding IACD implementation. FS-ISAC expects to use IACD-based concepts and incorporate feedback from member financial services companies into the program. FS-ISAC provides the protocols and controls that enable its members to properly share information, typically anonymously. Information flows between members and remains within the sharing community.
"FS-ISAC is committed to advancing the IACD framework to help our members get actionable threat intelligence quickly," said Bill Nelson, president and CEO of the FS-ISAC. "The financial sector continues to make significant investments in security and resilience. This framework helps make global information sharing more efficient for our members; when adopted it will help members become more responsive and more secure."
With this expanded collaboration, APL will provide trusted technical assistance to FS-ISAC and its participating financial institutions. The IACD team will also continue to evolve the framework through experimentation and collaboration across industry, critical infrastructure sectors, government and academia.
Early Supporters of IACD Framework
"We are pleased to support the IACD framework," said Jason Witty, U.S. Bank chief information security officer and FS-ISAC board of directors vice chair. "It represents the best of publicâ€“private partnership between FS-ISAC and APL, and together with financial institutions, technology vendors, and government to make the financial critical infrastructure more secure. Rather than reinventing the wheel each time, IACD builds on lessons and investments DHS made, adding tools and innovations."
FS-ISAC is a nonprofit corporation that was established in 1999 and is funded by its member firms. With about 7,000 members worldwide, FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector's ability to provide services critical to the orderly function of the global economy. Learn more at www.fsisac.com/.