REN-ISAC logo
Member Login
login help
About REN-ISAC
Membership
Contact Us
24x7 CSIRT
Alerts
Monitoring
Projects
Programs
Events
Contributors
Links

Charter

Document version 2.11, July 5, 2013

0.1REN-ISAC Organizational Documents
 
1.Charter  ( this document )
2.Membership Guide
3.Membership Terms and Conditions
4.Membership Fees
5.Information Sharing Policy
6.REN-ISAC Disclaimer
0.2Table of Contents
 
1.Introduction
2.History
3.Membership
4.Mission
5.Reporting, Sharing, and Projects
6.Leadership
7.Sustainability
8.Community Input and Advisory
1.0Introduction
1.1Sharing experiences, practices, and responses amongst organizations has long been known to improve operations in those individual organizations, and in those communities. It is no different in the world of operational security. Indeed, Presidential Decision Directive 63 (PDD 63, May of 1998) initially encouraged, and then the superseding Homeland Security Presidential Directive 7 (HSPD-7, December 2003) also encouraged the sharing of security information amongst various sectors of the economy, and encouraged the creation of "sector information sharing and analysis centers (ISACs)". The Directive recognized that various sectors of the economy experience security (physical and logical) events and threats at varying intensities and points in time. Sharing incident information with other sectors may provide the impacted/reporting sector with ideas for minimizing impact and recovering from the event; it would also likely allow for planning and implementation of mitigation techniques in sectors to which the threat has not yet reached. Clearly, increasing the scope of sharing results in greater security preparedness for all involved.
1.2HSPD-7 discusses coordination with the private sector:
 

In accordance with applicable laws or regulations, the Department and the Sector-Specific Agencies will collaborate with appropriate private sector entities and continue to encourage the development of information sharing and analysis mechanisms. Additionally, the Department and Sector-Specific Agencies shall collaborate with the private sector and continue to support sector-coordinating mechanisms to:

(a) Identify, prioritize, and coordinate the protection of critical infrastructure and key resources; and

(b) Facilitate sharing of information about physical and cyber threats, vulnerabilities, incidents, potential protective measures, and best practices.

2.0History
2.1The National Infrastructure Protection Center (NIPC, then part of the FBI, but since subsumed by the Department of Homeland Security) was tasked by PDD 63 to coordinate the sharing centers that would represent various sectors (e.g., Transportation, Food, Energy, Telecommunications, Information Technology, etc.). Several people involved in security at Indiana University saw that Higher Education was NOT represented in the initial structure of sectors being described by the NIPC, and so would not participate in (or benefit from) this sharing scheme. Then-Indiana University Vice President and Chief Information Officer Michael McRobbie met with Admiral James Plehal, then-Director of the NIPC, and discussed the situation. Subsequent interactions between Indiana University, EDUCAUSE, and Internet2, with Richard Clarke and others in US government lead to discussions of developing higher education representation. Concurrently, EDUCAUSE and Internet2 both identified a formal sharing mechanism an important component of the higher education security approach.
2.2Indiana University has invested greatly in the areas of "information and infrastructure assurance." In addition, as operator of the Global Research Network Operations Center (GR-NOC), Indiana University has a unique view of various national and international R&E networks, including Internet2 and National Lambda Rail (NLR). Because of these network relationships, Indiana University necessarily has some of the best network engineers in the US. The Service Desk of the GR-NOC monitors the networks for which Indiana University has management responsibility 24x7, including network instrumentation and other sources of specific information about security events.
2.3Indiana University was a charter member of the EDUCAUSE & Internet2 Computer and Network Security Task Force [5].
2.4It was due to these competencies, relationships, and functions, along with a desire on the part of Indiana University to improve security locally and in the higher education community, that the first ISAC serving higher education - the Research and Education Networking ISAC (REN-ISAC) - is based at Indiana University. Hosting the REN-ISAC (as a participant in the national ISAC structure) at Indiana University was formalized in D.C. on February 21, 2003.
2.5Subsequently, the REN-ISAC was identified as a component of an emphasis on operational security by, and as an enhancement of security services already provided by Indiana University to the Internet2 community. EDUCAUSE has identified the REN-ISAC as a primary component of the joint EDUCAUSE/Internet2 effort to improve security across higher education. The REN-ISAC will, where possible and feasible, work in conjunction with these efforts to further the general goals of improving security across the higher education community.
3.0Membership
3.1The REN-ISAC serves colleges and universities, teaching hospitals, research and education network providers, and government-funded research organization. Institutions are members, and one or more individuals who satisfy a set of criteria represent each member organization.
3.2Membership details can be found in the Membership Guide [6].
3.3Other general terms and conditions of REN-ISAC membership and operations can be found in the Membership Terms and Conditions [7].
4.0Mission
4.1The REN-ISAC mission is to aid and promote cybersecurity operational protection and response within the research and higher education (R&E) communities. The mission is conducted through private information sharing within a community of trusted representatives at member organizations, and as a computer security incident response team (CSIRT) supporting the R&E community at-large. REN-ISAC serves as R&E's trusted partner in commercial, governmental and private information sharing relationships, in the formal U.S. ISAC community, and for served networks.
5.0Reporting, Sharing, and Projects
5.1The REN-ISAC provides information products and services, and engages activities toward satisfying the Mission. A description of the products, services, and activities can be found at the REN-ISAC web pages [1]. Some examples follow.
1.The REN-ISAC distributes a daily situational awareness report based on observations from sensors and instrumentation, member input, information gathered from information sharing relationships, and open sources.
2.The REN-ISAC sends notifications to campuses affected by security incidents, aiding those campuses to immediately identify and stop the activity, and recover and repair affected systems. Depending on the severity of an incident and sources of information, notifications may occur in real-time, or in daily bulk distribution of incident notifications. Further, the information may be sanitized and shared to member campuses, other ISACs, and trusted information sharing partners, when the information could help others respond to widespread attacks, improve local security posture, and/or avoid future impact.
3.The REN-ISAC distributes bulk information (IP addresses, DNS names, URLs) regarding known bad actors, so that members can protect their networks and systems, and identify compromised machines in their domain.
4.The REN-ISAC provides channels for members to communicate and share information in a private and trusted setting.
5.The REN-ISAC receives and analyzes reports from members regarding systems that are the source or victim of a network attack, or are being seriously degraded due to unknown and suspicious cause.
6.REN-ISAC responds to requests for information and analysis from members, government agencies, and other sector ISACs.
5.2All sharing is dictated by the policies and statements described in the Information Sharing Policy[2].
6.0Leadership
6.1Staffed leadership includes an Executive Director and a Technical Director.
6.2The Executive Advisory Group, Technical Advisory Group, and Membership Committee provide consultation to the REN-ISAC directors (see Community Input and Advisory below).
7.0Sustainability
7.1General
7.1.1Resources must keep pace with growth resulting in a sustained high level of benefit to members.
7.1.2Membership fees are established as a function of the total cost of operations (based on membership desires and needs) and the number of members at a given time. Fees are set to only what is necessary to cover the costs of functional and beneficial services. (That is, the REN-ISAC will not become a for-profit entity.)
7.1.3REN-ISAC staffing fluctuates as a function of the needs of the membership.
7.1.4Additional participation by individual members (direct involvement in advisory or technical groups, in developing and providing services, or in active participation in discussions and in providing useful intelligence information) has and will continue to be critical.
7.1.5While seeking funding is not a major component of staff activities, the REN-ISAC staff will be watchful of sponsorships and other appropriate tangible support opportunities.
7.2Agency
7.2.1Given that Indiana University (an agency of the State of Indiana), is the administrative and fiscal agent of the REN-ISAC, financial operations of the organization will adhere to Indiana University fiscal policies [8].
7.2.2With that caveat, to the extent possible and allowed, the REN-ISAC staff will seek input and advice from sitting advisory groups as representatives of the membership, and under certain circumstances directly from the membership, on financial aspect of operations.
7.3Basic Financial Principle
7.3.1REN-ISAC will not be operated to generate and disseminate profit, but also cannot be a cost center of any particular sponsoring or supporting organization.
7.3.2The fundamental financial goal of the REN-ISAC is to cover all costs through a combination of tangible sponsorship, support, or other philanthropic revenue and fees, and given the expense parameters and the fiscal environment in which the REN-ISAC operates.
7.4Costs
7.4.1Operational expenses incurred will be reasonable and necessary to support the goals of the organization. Expenses will be managed by the REN-ISAC Executive Director, in consultation with the Executive Advisory Group.
7.4.2These costs include:
1.All applicable expenses, including but not limited to labor, travel, supplies and materials, services, maintenance, utilities, fixed charges and rentals, capital outlays and related charges, and management and administrative fees;
2.Retention for reserves to provide working capital, replacement of facilities and equipment;
3.Other expenses normal to orderly administration and operation of an information and technology-oriented activity, including mitigation of impact of disruptions to service (e.g., business continuity and disaster recovery) and physical and logical security.
7.5Relationships
7.5.1All interactions between the REN-ISAC and other agencies must directly support the fundamental goals of the organization.
7.5.2Any proposed relationship (involving tangible sponsorship, information sharing, or similar considerations) between the REN-ISAC and other organizations (especially commercial entities) will be discussed with the Executive Advisory Group and the Technical Advisory Group, which will provide advice as to how/whether to proceed.
7.6Membership Fees
7.6.1Members will be charged an annual rate consistent with the cost statements above.
7.6.2Rates are set annually, at the decision of the Executive Director, in consultation with the Executive Advisory Group.
7.6.3Nominal increases may be applied to offset staff cost-of-living, inflationary, and other nominal increases in expenses.
7.6.4Less frequent larger changes in rates may be necessary to cover costs incurred by improvements in operations and services provided.
7.6.5Fees are published in the Membership Fees document [3].
7.7Reserves
7.7.1Excess reserves, as determined by REN-ISAC staff, in consultation with the Executive Advisory Group, will be used to offset increases (and potentially allow for decreases) in membership fees.
7.8Reporting
7.8.1REN-ISAC staff will provide an annual budget and expense summary report to the members within one month of fiscal year close. At the request of the Executive Advisory Group Chair, a detailed budget and expense report will be provided to the Executive Advisory Group.
8.0Community Input and Advisory
8.1General
8.1.1Executive and technical advisory groups, and the membership committee, are assembled from the membership, and they represent the membership. They assist REN-ISAC staff in navigating policy issues, refining and developing information products and other services, and ensuring viable membership procedures and processes. Membership of the groups is by invitation, and will be representative of the U.S. higher education demographics.
8.1.2Other committees and groups will be formed as necessary to support the goals of the REN-ISAC and of the membership.
8.1.3Current membership and other information about community advisory can be found at the Advisory Groups web page[4].
8.2Executive Advisory Group (EAG)
8.2.1The Executive Advisory Group (EAG) advises REN-ISAC directors regarding policies, legal issues, plans and strategies, and other non-technical aspects of REN-ISAC operations.
8.2.2The EAG is composed of approximately five to seven members and one or more liaisons appointed by the REN-ISAC Executive Director. EAG members will be individuals who are broadly versed in information technology legal, policy, and general security issues and concerns. Not more than one sitting EAG member will be from an individual organization. Chief Information or Technology Officers, university lawyers, and senior IT policy security officers are likely candidates.
8.2.3The chair of the Technical Advisory Group (below) is a member of the EAG.
8.2.4Other aspects of the EAG are described at the Advisory Groups web page[4].
8.3Technical Advisory Group (TAG)
8.3.1The Technical Advisory Group (TAG) advises the REN-ISAC technical staff regarding information products, services, and methods, threat intelligence, and other technical aspects of REN-ISAC operations.
8.3.2The TAG is composed of approximately ten individuals and one or more liaisons appointed by the REN-ISAC Technical Director. A super majority of the TAG is drawn from the REN-ISAC membership. Individuals drawn from outside REN-ISAC membership are vetted by the TAG and given XSec member status during their appointment.
8.3.3Other than as published in reports to the membership, information provided to the TAG and its deliberations are private.
8.3.4Other aspects of the TAG are described at the Advisory Groups web page[4].
8.4Membership Committee
8.4.1The Membership Committee monitors the member application process, including the vouching for prospective member representatives. It responds to applicant and member questions and concerns. It judges cases of dissent regarding prospective member representatives, reproach of current member representatives, and makes recommendations to the REN-ISAC directors regarding appropriate response. In addition, the Committee supports member awareness of REN-ISAC policies, and monitors compliance; identifies and makes recommendations regarding member and prospective member needs and perceptions; recommends ways to increase REN-ISAC membership, especially among underrepresented segments of the U.S. research and education community; recommends ways to make prospective and current members aware of the resources, services, and benefits of REN-ISAC; welcomes new members and encourages participation in REN-ISAC activities; and in cooperation with REN-ISAC directors and the Executive Advisory Group, adjudicates cases of policy breach.
8.4.2The Membership Committee is composed of appointed members and the REN-ISAC Technical Director. Appointments are made by the Executive Director. The Committee chair responds to requests from the Executive Advisory Group, and works with the chair of the EAG on cases of member discipline. The Committee submits annual reports to the Technical Director in advance of the REN-ISAC Annual Member Meeting.
8.4.3Other mechanics of Membership Committee operation are described at the member-private Advisory Groups web page.

Footnotes

  1. REN-ISAC; http://www.ren-isac.net
  2. Information Sharing Policy; http://www.ren-isac.net/docs/information_sharing_policy.html
  3. Membership Fees; http://www.ren-isac.net/docs/fees.html
  4. REN-ISAC Advisory Groups and Analysis Teams; http://www.ren-isac.net/about/advisory.html
  5. EDUCAUSE & Internet2 Computer and Network Security Task Force; http://www.educause.edu/security
  6. Membership Guide; http://www.ren-isac.net/docs/membership.html
  7. Membership Terms and Conditions; http://www.ren-isac.net/terms_and_conditions.html
  8. Indiana University Financial Affairs - Policies; http://www.indiana.edu/~vpcfo/policies/