Today the Retail Industry Leaders Association (RILA), along with several of America’s most recognized retail brands, launched Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The RH-ISAC is an independent organization, the centerpiece of which is a Retail Information Sharing and Analysis Center (Retail-ISAC). Among those companies participating with and supportive of the RH-ISAC are American Eagle Outfitters, Gap Inc., J. C. Penney Company Inc., Lowe’s Companies, Inc., Nike, Inc., Safeway, Inc., Target Corporation, VF Corporation and Walgreen Company.
Through the RH-ISAC, retailers are sharing cyber threat information among themselves and, via analysts, with public and private stakeholders, such as the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation. The RH-ISAC will also provide advanced training and education and research resources for retailers.
“Retailers place extremely high priority on finding solutions to combat cyber attacks and protect customers. In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the RH-ISAC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes,” said Sandy Kennedy, president of RILA.
In order to create a structure tailored to the needs of the retail industry, the RH-ISAC was developed with input from more than 50 of America’s largest retailers, and in consultation with key stakeholders including federal law enforcement, government agencies and subject matter experts.
“We have seen a sharp increase in the number of malicious actors attempting to access personal information or compromise the systems we all rely on, in the retail industry and elsewhere,” said Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security National Protection and Programs Directorate. “We continue to work with the private sector to create shared situational awareness of potential cybersecurity vulnerabilities. Retail and Hospitality Information Sharing and Analysis Center will further enhance DHS’s collaboration with this important sector of the American economy and will provide information and resources that can help companies keep their networks and the consumer information stored on them safe and secure.”
Paul Morrissey, U.S. Secret Service Assistant Director for Investigations said, “The Secret Service actively supports information sharing initiatives such as Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) announced today by RILA. The Secret Service also continues its commitment to promote public/private partnerships through its 33 nationwide Electric Crimes Task Forces (ECTFs) and two international ECTF’s, which bring together over 6,100 private sector partners, members of academia and local, state and federal law enforcement.”
RILA established partnerships with many federal agencies through the formation of the RH-ISAC and has support from U.S. government agencies such as the Department of Homeland Security, the Federal Bureau of Investigation and the United States Secret Service.
“We are highly focused on protecting our customers and maintaining their trust. That’s why we have joined the RH-ISAC and are committed to sharing best practices and information with our peers and other stakeholders in order to strengthen our collective defenses against potential threats,” said Greg Wasson, President and CEO of Walgreen Company and vice chairman of RILA.
“The retail industry is already going to great lengths to minimize risk and stay ahead of cyber criminals. The reality is, cyber-criminals work non-stop and are becoming increasingly sophisticated in their methods of attack and by sharing information and leading practices and working together, the industry will be better positioned to combat these criminals,” states Ken Athanasiou, Global Information Security Director, American Eagle Outfitters, Inc.
“Our top priority is protecting our customers and maintaining the trust they place in us every time they make a purchase,” said Warren Steytler, vice president of information security at Lowe’s Companies, Inc. “We are confident that by sharing with our peers and industry stakeholders through the RH-ISAC, our industry will collectively strengthen its ability to protect critical customer information.”
RILA has also consulted with recognized third-party cyber specialists and subject matter experts including CrowdStrike, FS-ISAC and other ISACs, IBM, iSIGHT Partners, Information Security Forum, the National Cybersecurity and Communication Integration Center (NCCIC), National Cyber Security Alliance and Verizon to identify leading practices related to threat information sharing.
The RH-ISAC is incorporated as an independent organization (501(c)(3) status intended) with an incoming Board of Directors comprised of senior retail executives from American Eagle Outfitters, Gap Inc., J.C. Penney, Nike, Inc., Safeway, Inc., Target Corporation, VF Corporation and Walgreen Company. The RH-ISAC is open to retailers and merchants of all segments and sizes and aims to become a resource for not only the retail industry, but related merchant industries as well. RILA is working with retail associations and the RH-ISAC already has the support of American Apparel & Footwear Association (AAFA) in this ongoing development.
RETAIL CYBER INTELLIGENCE SHARING CENTER (RH-ISAC) BACKGROUND SUMMARY
STRUCTURE:There are three components of the RH-ISAC: a Retail Information Sharing and Analysis Center (Retail-ISAC), Education and Training and Research.
1. Retail-ISAC: Identifying real-time threats and sharing actionable intelligence to mitigate the risk of cyber attacks.
The Retail-ISAC allows retailers to share cyber threat information among each other and share anonymized information with the U.S. government via a cyber-analyst and a technician embedded at the National Cyber Forensics and Training Alliance (NCFTA). The Retail-ISAC’s dedicated cyber-analyst and technician at the NCFTA facility are processing and distilling information about real-time cyber threats, such as new strains of malware, underground criminal forum activity, potential software vulnerabilities, and translating this information into actionable intelligence, in the most usable and timely form for retailers. Retailers are also sharing anonymized information with the U.S. government via relationships that RILA, as a member of the member of the Commercial Facilities Sector Committee, has formed with government agencies, such the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation.
2. Education and Training: Educating the retail community on leading practices for information sharing and protecting against cyber criminals.
Through the RH-ISAC, retailers will be able to learn from key stakeholders and advance leading practices on cybersecurity, cyber risk mitigation and data privacy in a trusted environment. Via collaborations with educational institutions and other organizations, retailers will have access to educational resources and training programs.
3. Research: Collaborating with academia to provide research on emerging technologies and potential future threats.
Recognizing that threats are constantly evolving and technologies are advancing, the RH-ISAC will help retailers stay ahead of these risks with one goal in mind, ensuring their business practices keep customers and data safe.
Article Written by
Senior Director, Communications