Information sharing through ISACs (Information Sharing and Analysis Centers) and ISAOs (Information Sharing and Analysis Organizations) is the structured exchange of cyber threat intelligence among members of a sector — utilities, banks, hospitals, election offices — and the federal government. Members get early warnings of active campaigns, indicators of compromise, and defensive playbooks, often months before public disclosure.
ISACs predate CISA and grew out of Presidential Decision Directive 63 in 1998. MS-ISAC serves state, local, tribal, and territorial governments under a CISA cooperative agreement, and the affiliated EI-ISAC focuses on election infrastructure. Sector-specific ISACs exist for finance (FS-ISAC), electricity (E-ISAC), water (WaterISAC), and others.
Information sharing only works when membership is broad and funding is stable. The 2015 Cybersecurity Information Sharing Act gave companies liability protection for sharing with the government, but participation remains voluntary, and shrinking federal subsidies push smaller members out — degrading the network for everyone.
When information sharing collapses, sector defenders find out about attacks the way the public does — through news coverage of victims — and by then the same campaign has hit hundreds of other targets.
People often think ISACs are government agencies. In practice, most are private non-profits funded by member dues plus federal cooperative agreements, and they sit between industry and government rather than inside either.
When information sharing collapses, sector defenders find out about attacks the way the public does — through news coverage of victims — and by then the same campaign has hit hundreds of other targets.
People often think ISACs are government agencies. In practice, most are private non-profits funded by member dues plus federal cooperative agreements, and they sit between industry and government rather than inside either.