US retailers set up center for cyber intelligence sharing

The US Retail Industry Leaders Association (RILA), along with several of America’s most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC).

The R-CISC is an independent organization, the centerpiece of which is a Retail Information Sharing and Analysis Center (Retail-ISAC). Among those companies participating with and supportive of the R-CISC are American Eagle Outfitters, Gap, J.C. Penney, Lowe’s, Nike, Safeway, Target, VF and Walgreens.

Through the R-CISC, retailers are sharing cyber threat information among themselves and, via analysts, with public and private stakeholders, such as the US Department of Homeland Security, US Secret Service and the Federal Bureau of Investigation. The R-CISC will also provide advanced training and education and research resources for retailers.

Paul Morrissey, US Secret Service Assistant Director for Investigations said, “The Secret Service actively supports information sharing initiatives such as the Retail Cyber Intelligence Sharing Center (R-CISC) announced today by RILA. The Secret Service also continues its commitment to promote public/private partnerships through its 33 nationwide Electric Crimes Task Forces (ECTFs) and two international ECTF’s, which bring together over 6,100 private sector partners, members of academia and local, state and federal law enforcement.”

“The retail industry is already going to great lengths to minimize risk and stay ahead of cyber criminals. The reality is, cyber-criminals work non-stop and are becoming increasingly sophisticated in their methods of attack and by sharing information and leading practices and working together, the industry will be better positioned to combat these criminals,” states Ken Athanasiou, Global Information Security Director, American Eagle Outfitters.

RILA has also consulted with recognized third-party cyber specialists and subject matter experts including CrowdStrike, FS-ISAC and other ISACs, IBM, iSIGHT Partners, Information Security Forum, the National Cybersecurity and Communication Integration Center (NCCIC), National Cyber Security Alliance and Verizon to identify leading practices related to threat information sharing.

The R-CISC is open to retailers and merchants of all segments and sizes and aims to become a resource for not only the retail industry, but related merchant industries as well.

There are three components of the R-CISC: a Retail Information Sharing and Analysis Center (Retail-ISAC), Education and Training and Research.

The Retail-ISAC allows retailers to share cyber threat information among each other and share anonymized information with the US government via a cyber-analyst and a technician embedded at the National Cyber Forensics and Training Alliance (NCFTA).

The Retail-ISAC’s dedicated cyber-analyst and technician at the NCFTA facility are processing and distilling information about real-time cyber threats, such as new strains of malware, underground criminal forum activity, potential software vulnerabilities, and translating this information into actionable intelligence, in the most usable and timely form for retailers.

Education and Training: Through the R-CISC, retailers will be able to learn from key stakeholders and advance leading practices on cybersecurity, cyber risk mitigation and data privacy in a trusted environment. Via collaborations with educational institutions and other organizations, retailers will have access to educational resources and training programs.

Research: Recognizing that threats are constantly evolving and technologies are advancing, the R-CISC will help retailers stay ahead of these risks by collaborating with academia.