Entertainment Security Watchdog ME-ISAC Talks National Outlook


The Media & Entertainment Information Sharing Analysis Center (ME-ISAC) — operating as an initiative within the Content Delivery & Security Association (CDSA) for the benefit of the Trusted Partner Network (TPN) — provides stakeholders with intelligence on incidents, threats, risks, vulnerabilities, and associated remediations in the form of alerts, threat intelligence feeds, newsletters, forums, training and more.

Chris Taylor, director of ME-ISAC, spoke with the TPN and the Media & Entertainment Services Alliance (MESA) about the importance of ME-ISAC joining the ranks of the National Council of ISACs (NCI) earlier this year, and what to expect from ME-ISAC going forward.

MESA: What are the benefits of ME-ISAC becoming a member of the National Council of ISACs?

Taylor: By joining the NCI, the ME-ISAC gained access to intelligence and resources provided by the other two-dozen-plus ISACs that make up the NCI. This enabled us to gain access to additional threat intelligence, best practices, and other resources from the other ISACs and from various government agencies the NCI interacts with. Many of the headlines that I share with MESA for inclusion in the CDSA newsletter are sourced from similar newsletters coming out of the other ISACs, daily. Through NCI channels and meetings, we learn about new trends, resources, or other information that will then be passed on to our members.

For some interesting nuggets about how the NCI members help each other, click here.

MESA: What was the process for ME-ISAC to join NCI?

Taylor: Joining the NCI required the ME-ISAC to go through a thorough vetting and membership process wherein the NCI validated the membership and workflows of the ME-ISAC. The NCI only accepts ISACs that are considered critical infrastructure, according to the Department of Homeland Security’s (DHS) list of critical infrastructures, named in Presidential Policy Directive 21.

DHS lists media and entertainment as a subsector under the “commercial facilities” critical infrastructure sector, which also includes retail and hospitality, real estate, sports leagues (all three of those already having an ISAC as a member of the NCI), as well as casinos, amusement parks, arenas and stadiums, convention centers, zoos, and other places where large groups of people gather.

MESA: ME-ISAC is a relatively recent endeavor. What does it say about ME-ISAC that it’s joining the National Council of ISACs so quickly in its life?

Taylor: Having the NCI recognize the media and entertainment sector as critical infrastructure and recognize the ME-ISAC as that industry’s designated representative to the NCI, to the various government agencies, and to the world at large, was a huge validation of our efforts over the last year. We have worked hard to build a community that is driven by our members for our members. Being able to provide our members the additional resources that come with NCI membership will show a great return on investment for that work.

MESA: What can we expect next from ME-ISAC?

Taylor: The ME-ISAC continues to grow, adding members and resources every month. We have only realized a very small percentage of our proposed roadmap and vision. We have multiple resources for our members that are in development, to be announced and released in 2020 and 2021. By adding additional data sources, via relationships with the NCI member ISACs, as well as other Information Sharing and Analysis Organizations (ISAO), such as the L.A. Cyber Lab, we will greatly increase the amount of threat intelligence available to our members. The ISAC is a community: the more members there are in the community, the more each of those members will benefit from being a member in the community. So, our greatest asset at this point is having and adding more engaged and active members.

On May 12, Taylor will share insights around ME-ISAC during the Cybersecurity & Content Protection Summit online event. His presentation — “The Global Approach to the ME-ISAC” —will stress the importance of information sharing to combat cyberthreats. Click here to register.