Multi-stakeholder Incident Response/USIRP

The Unified Security Incident Response Plan (USIRP) is one of the primary means by which ICASI fulfills its mission of enhancing the global security landscape. Comprising a trusted forum and supporting processes, procedures, and tools, the USIRP enables Security Incident Response Teams (SIRTs) from ICASI member companies to collaborate quickly and effectively to resolve complex, multi-stakeholder Internet security issues. These issues include: vulnerabilities in commonly-used software; incidents – urgent or emergent – that affect multiple ICASI member organizations; and ongoing or long-term problems that warrant a strategic response.

The USIRP works by harmonizing ICASI member companies’ internal security incident response procedures and personnel by providing a common, formal framework with which these organizations can: trigger a USIRP event; share critical information about it; and work together effectively on a coordinated response. ICASI also has established relationships with other industry organizations to help broaden its own reach in dealing effectively with active or future security issues.

The US National Security Telecommunications Advisory Committee, in its Report to the President on Information and Communications Technology Mobilization, has cited the ICASI USIRP as a model process for multi-stakeholder incident response.

Vulnerability Coordination

ICASI is working to drive the industry toward more organized and repeatable approaches to vulnerability coordination.  In that quest, it is partnering with other stakeholders and organizations to develop best practices and methods that effectively address the complexities of today’s security landscape. ICASI’s partnership with FIRST is one example of its leadership on the issue. ICASI is co-sponsor of and an active participant in a Vulnerability Coordination SIG within FIRST. Through that activity, ICASI aims to help bring together a multi-stakeholder, cross-industry group with the aim of improving the way in which vulnerabilities are coordinated and related information is shared with stakeholders across like communities.

Information Sharing

ICASI is a pre-eminent trust forum where members routinely share best practices and exchange protected information around vulnerabilities and mitigations. Because ICASI member companies work under a unique, multilateral non-disclosure agreement (NDA), they are able to collaborate and share critical information openly with one another while protecting each company’s intellectual property. Whether it is through informal discussion among members, its regular Think Tank Monday sessions, or invitations to member security conferences, ICASI members engage with one another at depth and breadth rarely seen in the industry.