The National Credit Union Information Sharing and Analysis Organization officially announced its launch. Their mission – to advance cyberresilience, real-time security situational awareness information sharing, and coordinated response.
“This is the first operational and threat intelligence sharing organization dedicated wholly to credit unions,” said Gene Fredriksen, executive director of the NCU-ISAO, and vice president and chief information officer for the St. Petersburg, Fla.-based PSCU,. “Just as credit unions exist to serve the needs of their communities, the NCU-ISAO exists to serve credit unions’ needs in the cybersecurity space. Because the information-sharing needs for credit unions encompass more than just cyberthreats, the NCU-ISAO will support innovative, member-driven initiatives around benchmarking, process improvement, and regulatory strategies.”
The NCU-ISAO, headquartered at the Kennedy Space Center in Florida, is a member of the International Association of Certified ISAOs.
The NCU-ISAO was formed because credit unions represented a major segment of the global financial services critical infrastructure, explained Fredriksen. As credit unions increasingly leverage technology and telecommunications to serve members better, and as they continue to face more cyber regulatory scrutiny, the need to manage cybersecurity risk rose as an industry critical priority.
“Credit unions are an integral part of the community network that forms our way of life. As such, it is critical that sub-sectors like credit unions unite to assure the cyberresilience of threats unique to them,” Michael Echols, CEO of IACI, said.
As an integral cyber resilience nexus and communication channel, the NCU-ISAO represents a collaborative, member-driven independent non-profit organization that enables credit unions to participate in a globally trusted community that enhances security protection efforts. The NCU-ISAO is the first Information Sharing organization created exclusively to address threats and operational intelligence issues that are unique to credit unions.
NCU-ISAO services include:
- Identify credit union-specific cybersecurity risks; define risk-reducing cost-effective mitigation strategies, metrics, effective controls, sector differentiation, forecasting, trending, modeling, comparison to peers and best practice adoption.
- Detect, aggregate, analyze, prioritize, and share threat and vulnerability intelligence.
- Provide information, intelligence and benchmarking information related to NCUA, FFIEC, PCI and other related regulatory guidance, including the effective use of self-assessment tools.
- Advance credit union access to manual or automated real-time security situational awareness; threat intelligence information sharing of cyber threat indicators; incidents, observables, threat actors, tactics/techniques/procedures, exploit targets and campaigns.
- Enhance the opportunity for all credit unions to participate in the sharing community via next generation technology designed for NCU-ISAO intelligence that enables automatic detection, alerting, and sharing back of intelligence to the NCU-ISAO. Credit unions are able to see the threats the credit union community sees, as well as threat (sightings) within their credit union, eliminating the need for additional security tools or hiring a threat intelligence analyst.
- Provide incident response unified and secure real-time command and control communications via landline, cell, text, email, secure voice and video, and mobile two-way radio in support of response planning, exercises, incident repost and member-to-member communications.
- Support adoption of cyberresilience best practices and implementation of credit union cyberresilience operational guidance.
- Underpin credit union cyberresilience via development and implementation of role-based workforce education.
“In cybersecurity resiliency we need to continuously up our game — the hackers certainly are,” Jeff Johnson, CIO of $2.5 billion Vernon Hills, Ill.-based, BCU, said. “Having a credit union collaborative entity gathering data from across the entire threat landscape will help us make better decisions on where we focus our investments and thus our resiliency.”
“This is our time to act once and affect many,” said Bob Bender, Chief Technology Officer, $1.9 million Lancaster, S.C.-based Founders Federal Credit Union. “We have an opportunity to quiet the noise and safeguard the personal identifiable information our members entrust us with today. This is what credit unions helping credit unions is all about.”
