Public/Private Collaboration Aims To Strengthen Defenses Against Cyber Attacks And Protect Customers
Arlington, VA, 2014-5-16 — /EPR Retail News/ — Today (May 14, 2014) the Retail Industry Leaders Association (RILA), along with several of America’s most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC). The R-CISC is an independent organization, the centerpiece of which is a Retail Information Sharing and Analysis Center (Retail-ISAC). Among those companies participating with and supportive of the R-CISC are American Eagle Outfitters, Gap Inc., J. C. Penney Company Inc., Lowe’s Companies, Inc., Nike, Inc., Safeway, Inc., Target Corporation, VF Corporation and Walgreen Company.
Through the R-CISC, retailers are sharing cyber threat information among themselves and, via analysts, with public and private stakeholders, such as the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation. The R-CISC will also provide advanced training and education and research resources for retailers.
“Retailers place extremely high priority on finding solutions to combat cyber attacks and protect customers. In the face of persistent cyber criminals with increasingly sophisticated methods of attack, the R-CISC is a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes,” said Sandy Kennedy, president of RILA.
In order to create a structure tailored to the needs of the retail industry, the R-CISC was developed with input from more than 50 of America’s largest retailers, and in consultation with key stakeholders including federal law enforcement, government agencies and subject matter experts.
“We have seen a sharp increase in the number of malicious actors attempting to access personal information or compromise the systems we all rely on, in the retail industry and elsewhere,” said Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security National Protection and Programs Directorate. “We continue to work with the private sector to create shared situational awareness of potential cybersecurity vulnerabilities. The Retail Cyber Intelligence Sharing Center will further enhance DHS’s collaboration with this important sector of the American economy and will provide information and resources that can help companies keep their networks and the consumer information stored on them safe and secure.”
Paul Morrissey, U.S. Secret Service Assistant Director for Investigations said, “The Secret Service actively supports information sharing initiatives such as the Retail Cyber Intelligence Sharing Center (R-CISC) announced today by RILA. The Secret Service also continues its commitment to promote public/private partnerships through its 33 nationwide Electric Crimes Task Forces (ECTFs) and two international ECTF’s, which bring together over 6,100 private sector partners, members of academia and local, state and federal law enforcement.”
RILA established partnerships with many federal agencies through the formation of the R-CISC and has support from U.S. government agencies such as the Department of Homeland Security, the Federal Bureau of Investigation and the United States Secret Service.
“We are highly focused on protecting our customers and maintaining their trust. That’s why we have joined the R-CISC and are committed to sharing best practices and information with our peers and other stakeholders in order to strengthen our collective defenses against potential threats,” said Greg Wasson, President and CEO of Walgreen Company and vice chairman of RILA.
“The retail industry is already going to great lengths to minimize risk and stay ahead of cyber criminals. The reality is, cyber-criminals work non-stop and are becoming increasingly sophisticated in their methods of attack and by sharing information and leading practices and working together, the industry will be better positioned to combat these criminals,”states Ken Athanasiou, Global Information Security Director, American Eagle Outfitters, Inc.
“Our top priority is protecting our customers and maintaining the trust they place in us every time they make a purchase,” said Warren Steytler, vice president of information security at Lowe’s Companies, Inc. “We are confident that by sharing with our peers and industry stakeholders through the R-CISC, our industry will collectively strengthen its ability to protect critical customer information.”
RILA has also consulted with recognized third-party cyber specialists and subject matter experts including CrowdStrike, FS-ISAC and other ISACs, IBM, iSIGHT Partners, Information Security Forum, the National Cybersecurity and Communication Integration Center (NCCIC), National Cyber Security Alliance and Verizon to identify leading practices related to threat information sharing.
The R-CISC is incorporated as an independent organization (501(c)(3) status intended) with an incoming Board of Directors comprised of senior retail executives from American Eagle Outfitters, Gap Inc., J.C. Penney, Nike, Inc., Safeway, Inc., Target Corporation, VF Corporation and Walgreen Company. The R-CISC is open to retailers and merchants of all segments and sizes and aims to become a resource for not only the retail industry, but related merchant industries as well. RILA is working with retail associations and the R-CISC already has the support of American Apparel & Footwear Association (AAFA) in this ongoing development.
R-CISC website: www.r-cisc.org
Retail Cyber Intelligence Sharing Center (R-CISC)
Background Summary
STRUCTURE:
There are three components of the R-CISC: a Retail Information Sharing and Analysis Center (Retail-ISAC), Education and Training and Research.
1. Retail-ISAC: Identifying real-time threats and sharing actionable intelligence to mitigate the risk of cyber attacks.
The Retail-ISAC allows retailers to share cyber threat information among each other and share anonymized information with the U.S. government via a cyber-analyst and a technician embedded at the National Cyber Forensics and Training Alliance (NCFTA). The Retail-ISAC’s dedicated cyber-analyst and technician at the NCFTA facility are processing and distilling information about real-time cyber threats, such as new strains of malware, underground criminal forum activity, potential software vulnerabilities, and translating this information into actionable intelligence, in the most usable and timely form for retailers. Retailers are also sharing anonymized information with the U.S. government via relationships that RILA, as a member of the member of the Commercial Facilities Sector Committee, has formed with government agencies, such the U.S. Department of Homeland Security, U.S. Secret Service and the Federal Bureau of Investigation.
2. Education and Training: Educating the retail community on leading practices for information sharing and protecting against cyber criminals.
Through the R-CISC, retailers will be able to learn from key stakeholders and advance leading practices on cybersecurity, cyber risk mitigation and data privacy in a trusted environment. Via collaborations with educational institutions and other organizations, retailers will have access to educational resources and training programs.
3. Research: Collaborating with academia to provide research on emerging technologies and potential future threats.
Recognizing that threats are constantly evolving and technologies are advancing, the R-CISC will help retailers stay ahead of these risks with one goal in mind, ensuring their business practices keep customers and data safe.
INCOMING BOARD MEMBERS:
- Ken Athanasiou, Global Information Security Director; American Eagle Outfitters, Inc.
- Rich Noguera, Head of Information Security; Gap, Inc.
- Scott Howitt, VP, Chief Information Security Officer; J.C. Penney
- William Dennings, Chief Information Security Officer; Nike, Inc.
- Colin Anderson, VP, Information Technology; Safeway, Inc.
- Jenny Ley, Director, Corporate Security Intelligence, Target Corporation
- David McLeod, Chief Information Security Officer; VF Corporation
- Jim Cameli, Information Security Officer; Walgreen Company
TIMELINE:
January 27: | RILA launches Retail Cybersecurity and Data Privacy Initiative |
RILA establishes the Retail Cybersecurity Leaders Council (RCLC) | |
February 7: | RCLC holds first meeting |
February 18: | RILA forms an information sharing partnership with the National Cyber Forensics Training Alliances (NCFTA) |
Feb./March: | RILA consults with the US government agencies and industry groups, including the FS-ISAC and other ISACs to learn from them and identify the most practical and effective means to share threat information |
March 25-26: | RCLC holds in-person meeting at NCFTA. Retailers meet with federal government agencies, subject matter experts, FS-ISAC, and other key stakeholders |
April 2: | RILA President Sandy Kennedy testifies before the Senate Homeland Security and Governmental Affairs Committee at a hearing on benefits of threat information sharing |
April: | RILA establishes partnerships with law enforcement to further intelligence for retailers |
May 14: | Retail Cyber Intelligence Sharing Center (R-CISC) launched |
RILA is the trade association of the world’s largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.
The National Cyber Forensics and Training Alliance (NCFTA) is a non-profit corporation with an established and expansive alliance between subject matter experts in the public and private sectors (more than 500 worldwide) with the goal of addressing complex cyber crimes. The subject matter experts are from industry, academia and government.
###
Allie Brandenburger
Director, Communications
Phone: 703-600-2063
Email: allie.brandenburger@rila.org