Success Stories in Cybersecurity Information Sharing
By David S. Turetsky, Brian H. Nussbaum and Unal Tatar
The paper identifies some real-world success stories across different types of economic and nonprofit organizations where cybersecurity information sharing made a difference, including where participants avoided harm due to shared information. It is important to provide businesses, policymakers and others with examples of tangible successes across the economy since the costs and risks of information sharing sometimes appear more concrete. The paper builds on interviews by the authors, and the proceedings of an October 18, 2018 conference at the University at Albany that included information sharing leaders.
The paper, associated conference and research was supported by a grant from the William and Flora Hewlett Foundation.
2018 Cybersecurity Conference
The 2018 Cybersecurity Conference was held on October 23, 2018, from 1:00 to 5:00 PM in the UAlbany Campus Center Board Room at the University at Albany.
1:00 PM - Welcome by iCEHC Dean Robert Griffin
Brief comments by: Provost and Senior Vice President of Academic Affairs James Stellar; Professor of Practice David Turetsky; and MS-ISAC Chair Tom Duffy; followed by Keynote Introduction.
1:20-2:00 - Keynote Speaker
Rob Knake - Senior Research Scientist in Cybersecurity and Resilience at the Global Resilience Institute; the Whitney Shepardson Senior Fellow at the Council on Foreign Relations; and former Director for Cybersecurity Policy at the National Security Council, 2011-2015.
2:00-3:20 - Panel 1
- Scott Algeier - Executive Director, IT-ISAC
- Denise Anderson - President, NH-ISAC
- Kathryn Condello - Senior Director, National Security & Emergency Preparedness, CenturyLink
- Scott Finlon - Principal Security Engineer, REN-ISAC
3:20-3:30 - Break
3:30-4:50 - Panel 2
- Carl Anderson - Chief Legal Officer & Senior Vice President of Governmental Affairs, HITRUST Alliance
- Tom Duffy - Senior Vice President of Operations and Services, Center for Internet Security, and Chair, MS-ISAC
- Eric Guerrino - Executive Vice President and Chief Operating Officer, FS-ISAC
- Fred Hintermister - Vice President of Energy Protection, Global Resilience Federation
4:50-5:00 - Closing Remarks
About the Speakers
The speakers included several of the most prominent leaders of the information-sharing community in the nation. They come from many different sectors, from health care to information technology, from financial services to communications, from state and local governments to research and educational institutions. Read more about the speakers' biographies below.
Scott C. Algeier
Scott C. Algeier works at the intersection of cybersecurity policy and operations. He is the Founder, President and CEO of cybersecurity consulting firm Conrad, Inc., and Executive Director of the Information Technology – Information Sharing and Analysis Center (IT-ISAC).
The IT-ISAC is a non-profit organization that facilitates cyber threat information sharing and collaborative analysis among the world’s leading technology companies. As Executive Director, Scott’s responsibilities include the daily management of the organization, developing and implementing enhanced information sharing and analysis capabilities, facilitating cyber incident response across the IT-ISAC member companies, and establishing and maintaining effective partnerships. He is the IT-ISAC’s principal spokesperson, representing the organization to the public, senior leadership at the U.S. Department of Homeland Security (DHS), the U.S. Congress and policy makers across the globe.
Scott also is an Officer of the IT Sector Coordinating Council and served as Vice Chair of the National Council of ISACs and as industry Chair of the IT Sector Risk Assessment Committee, which developed the first ever public-private risk assessment of critical IT functions.
Carl Anderson is the Chief Legal Officer and Senior Vice President of Government Affairs for HITRUST. In this role, he is responsible for the company’s corporate, external, government, and legal affairs. Anderson leads a team that is responsible for the company’s legal work, intellectual property portfolio, global security, privacy and public policy.
Before joining HITRUST in 2017, Anderson served as a Vice President at Van Scoyoc Associates where he used his legislative and executive branch experience to create tailored government relations strategies to achieve results for his clients. He additionally served on the firm’s Crisis Management Team, managing congressional relations during client investigations and public relations efforts.
Before joining Van Scoyoc Associates, Anderson served as a counsel for the House Committee on Energy and Commerce where he managed many high-profile industry investigations. Upon graduating from law school, he was selected into the United States Department of Justice Attorney General’s Honors Program. Anderson was appointed a Special Assistant U.S. Attorney for the District of Columbia in 2007.
Anderson received his J.D. from the Columbus School of Law at Catholic University and a B.A. from Virginia Tech.
Denise Anderson, MBA, is President of the Health Information Sharing and Analysis Center (H-ISAC), a non-profit organization dedicated to protecting the health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.
Denise currently serves as Chair of the National Council of ISACs and participates in a number of industry groups and initiatives. In addition, she has served on the Board and as Officer and President of an international credit association, and has spoken at events all over the globe.
Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for ten years.
She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.
Kathryn Condello is an operations-focused leader within CenturyLink and the Communications Sector, with extensive, executive-level experience in managing and directing broad corporate and industry initiatives in the areas of strategic planning, policy development, government relations, network deployment / operations, and business marketing functions. Ms. Condello has more than 20 years' experience in industry-level initiatives associated with national security, network reliability, and emergency preparedness programs, planning and policy initiatives.
Ms. Condello represents CenturyLink at the Federal level in all policy, planning and operational issues related to National Security, Emergency Preparedness, Disaster Response, Critical Infrastructure Protection, and Continuity of Operations. In this role, Ms. Condello is the CenturyLink Representative embedded within the Department of Homeland Security National Coordinating Center (NCC), and was the Chair of the NCC/Communications ISAC; is the designated conduit between the White House and CenturyLink CEO for national continuity of operations activities; represents CenturyLink in all planning activities associated with the DHS National Infrastructure Protection Planning (NIPP) process; and supports the CEO’s role as Member of the President’s National Security Telecommunications Advisory Committee.
CenturyLink Senior Director, National Security / Emergency Preparedness
Resident Liaison to DHS National Coordinating Center (NCC)
Senior CenturyLink Member DHS/NCCIC Unified Coordination Group
Vice-Chair, Communications SCC
Past Chair, DHS NCC/Comms-ISAC
She holds a B.A. from the University of Virginia, an M.B.A. from Loyola College, and served as a Principal Associate (Research Professor) with George Mason University’s Critical Infrastructure Protection Program. Ms. Condello started her career in the public safety radio business, was one of the first commercial wireless pioneers, and gathered more than 20 years of commercial wireless experience prior to joining CenturyLink. In 2001, Ms. Condello was named by Wireless Week as one of the 25 Influential Women in Wireless for her work associated with wireless priority service.
Thomas Duffy is Senior Vice President of Operations and Services at CIS. He is responsible for managing all aspects of the CIS Security Operations activities, which are the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, tribal, and territorial (SLTT) governments. He also is the Chair of the Multi-State Information Sharing & Analysis Center, MS-ISAC. Mr. Duffy provides leadership in developing program, organizational, and financial strategies. He also manages the operation of the CIS 24-hour cybersecurity watch and warning operations center, which provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response. He works closely with the U.S. Department of Homeland Security (DHS), including its National Cybersecurity and Communications Integration Center (NCCIC), as well as with SLTT officials across the country.
Prior to joining CIS, Mr. Duffy served as Deputy Director of the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC). In this role, he oversaw the day-to-day operations of the Office, which included coordinating the State’s cybersecurity strategies and policy development, monitoring the State’s networks, researching threats, vulnerabilities, and exploits, and issuing cyber alert advisories to the governmental and private sector entities in New York.
Scott Finlon is the Principal Security Engineer at the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). The REN-ISAC acts as the Computer Security Incident Response Team (CSIRT) for the research and education community at large. The REN-ISAC serves the entire higher education space in the United States, including non-member institutions. The REN-ISAC also has over 618 member institutions in the "five eyes" of Australia, Canada, New Zealand, the United Kingdom, and the United States which actively participate in data sharing activities.
Scott previously was an Information Security Engineer at the University of Scranton, the Manager of Cyber Security Architecture and Engineering at Las Vegas Sands Corp., and has been at the REN-ISAC since 2015. He has a BS from Penn State in Information Sciences and Technology, and currently holds the CISSP, CCNA R&S, CCNA Security, GCIH, GCIA, and GMON certifications. Scott's background is in network security, and he also focuses on threat intelligence and data sharing at the REN-ISAC.
Eric Guerrino is Executive Vice President and Chief Operating Officer for the Financial Services Information Sharing and Analysis Center (FS-ISAC). He oversees operations including the Security Operations Center (SOC), IT, Member Services, Intelligence Office, and supports multiple FS-ISAC work groups and committees. He manages vendor relationships and helps to build new public/private partnerships that enhance the security of the financial industry and add value to the membership.
Prior to joining the FS-ISAC, Eric was Managing Director and Senior Advisor to the Head of Operations and Technology Risk Management at BNY Mellon. Previously, Eric was Head of Information Security at BNY Mellon from 1998 through 2008. He served as the firm’s liaison to multiple industry groups established to examine cyber security challenges and associated activities, and threats to critical infrastructure.
Eric was a member of the industry team that helped found the FS-ISAC in 1999. Eric became a director of the FS-ISAC in 2001, and served as chairman from October 2006 to December 2008. Eric also served as a director of the Internet Security Alliance, and led various industry initiatives supported by BITS (the technology policy division of the Financial Services Roundtable). Eric was the recipient of the 2004 RSA Conference Award for Best Practices in Application Security.
Fred Hintermister is the Vice President of Energy Protection, Global Resilience Federation (GRF). Fred has a blended background in technology, security and business. In his role at GRF, Fred provides leadership for Energy Analytic Security Exchange (EASE), a platform-enabled community which supports both the energy sector and cross-sector resiliency which depends on it. Fred’s leadership roles have included extensive national security, risk management, international trade, energy industry, innovation and supply chain responsibilities.
He is a former Officer of the National Council of ISACs (NCI) who has helped shape the emerging critical infrastructure, public-private partnership and crisis response space. Fred holds an MBA from the Johnson Graduate School of Management at Cornell University, a Master of Science in Science and Technology Commercialization from the IC2 Institute at University of Texas at Austin, and undergraduate degrees from Cornell and Penn State. He is a current member of the Yale Cyber Leaders Forum.
Rob Knake is the Senior Research Scientist in Cybersecurity and Resilience at the Global Resilience Institute and the Whitney Shepardson Senior Fellow at the Council on Foreign Relations. His work focuses on Internet governance, public-private partnerships, and cyber conflict and his expertise includes developing presidential policy. He is currently engaged on a multi-year project to examine the creation of a Critical Infrastructure Network that would move control system operations off of the public Internet — CInet.
Knake served from 2011 to 2015 as Director for Cybersecurity Policy at the National Security Council. In this role, he was responsible for the development of presidential policy on cybersecurity, and built and managed federal processes for cyber incident response and vulnerability management.
A frequent writer and speaker on cybersecurity, he has been quoted by the New York Times, the Wall Street Journal, and the Washington Post and appeared on MSNBC, CNN, and National Public Radio. He co-authored, with Richard A. Clarke, the book “Cyber War: The Next Threat to National Security and What to Do About It.” He has testified before Congress on information sharing and the problem of attribution in cyberspace, and written and lectured extensively on cybersecurity policy.
Knake holds a master’s in public policy from Harvard’s Kennedy School of Government and undergraduate degrees in history and government from Connecticut College.
David Turetsky is Professor of Practice at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany, and is an affiliated faculty member at Albany Law School. He has more than 35 years of experience that includes senior roles in business, government, and law. At the University at Albany, he leads a project on the successes of information sharing supported by a grant from the William and Flora Hewlett Foundation.
Mr. Turetsky was co-leader of global law firm Akin Gump's cybersecurity, privacy and data protection practice and earlier served in a senior role at the Federal Communications Commission (FCC), as Chief of the Public Safety and Homeland Security Bureau. He led the FCC’s efforts to improve the nation’s cybersecurity and represented the FCC in White House–led inter-agency policymaking, including to implement the President’s Executive Order on Improving Critical Infrastructure Cybersecurity and the Presidential Policy Directive on Critical Infrastructure Security and Resilience, and as a member of the Executive Committee created by the President’s Executive Order on National Security and Emergency Preparedness Communications.
Mr. Turetsky served as a senior officer of a broadband telecom services provider that he helped to bring public; as the federal-court appointed Management Trustee to run mobile wireless communications services businesses in certain rural areas until divested to preserve competition pursuant to merger consent decrees; in the U.S. Department of Justice as Deputy Assistant Attorney General for Antitrust, for civil and regulatory; and in a variety of other law firm, entrepreneurial, and public policy-focused roles. He is an appointed member of the American Bar Association’s Cybersecurity Legal Task Force, where he leads a project on information sharing, and serves as co-leader of the privacy and security working group of the standards organization for information sharing and analysis organizations.
He earned a B.A. from Amherst College, magna cum laude, a J.D. from the University of Chicago Law School, and studied at the London School of Economics and Political Science.