Information Sharing and Analysis Centers (ISACs) are non-profit, industry-led bodies that serve as trusted hubs for exchanging threat intelligence, vulnerability data, and incident response practices among operators of critical infrastructure. The model originated in the United States with Presidential Decision Directive 63 (PDD-63), issued by the Clinton administration in May 1998, which called on each critical infrastructure sector to establish a mechanism for sharing information about threats and vulnerabilities with peers and with the federal government.
Today, ISACs exist for sectors including financial services (FS-ISAC, founded 1999), electricity (E-ISAC, operated by NERC), information technology (IT-ISAC), healthcare (Health-ISAC), aviation (A-ISAC), automotive (Auto-ISAC), and others. Many are coordinated through the National Council of ISACs, an umbrella body that facilitates cross-sector exchange. Membership is typically restricted to vetted firms within the sector, and information is shared under structured protocols such as the Traffic Light Protocol (TLP), which governs how recipients may redistribute sensitive data.
ISACs are distinct from ISAOs (Information Sharing and Analysis Organizations), a broader category created under U.S. Executive Order 13691 (February 2015), which encouraged sharing groups beyond traditional sector lines. They also differ from government-run entities such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), though most ISACs maintain close operational liaison with national CERTs and regulators.
Outside the United States, comparable arrangements have emerged: the EU's NIS Directive (2016) and NIS2 Directive (2022) promote sector ISACs across member states, and Japan, Singapore, and the United Kingdom have established financial-sector equivalents. ISACs typically provide:
- Real-time threat alerts and indicators of compromise (IOCs)
- Analyst-curated reports and trend assessments
- Tabletop exercises and incident drills
- Channels to engage law enforcement and intelligence agencies
For policy researchers, ISACs are a key example of public-private partnership in cybersecurity governance, balancing competitive concerns with collective defense.
Example
In 2020, FS-ISAC coordinated information sharing among global banks responding to ransomware and supply-chain threats, including alerts related to the SolarWinds Orion compromise disclosed that December.
Frequently asked questions
ISACs are organized around the officially designated critical infrastructure sectors, while ISAOs—formalized by U.S. Executive Order 13691 in 2015—can form around any community of interest, including geographic regions or smaller industry niches.
Keep learning