The US-based Internet Security Alliance (ISA) has been established since 2000 and has since attracted big-name members such as Verizon, Lockheed Martin and Northrup Grumman as well as other public companies operating in aviation, defence, education, financial services, healthcare, and manufacturing.
The Virginia-based think tank has advised White House and Congress officials on cyber security in the past – including the US Cyber Security Framework most recently – and does this via an assortment of face-to-face meetings, thought leadership white papers and public policy.
SCMagazineUK.com understands that a European spin-off of the advisory body is now in the works, with the Internet Security Alliance for Europe (ISAFE) expected to be formally launched next spring.
The group is to be led by Vodafone group corporate security director Richard Knowlton who will manage a small team based out of Brussels, Belgium.
Knowlton – whose official title will be ‘director' - has been on the ISA board for two years and says that the idea for a European equivalent was first mooted by the advisory body. It has since received public support from the EU Commission and Art Coviello, the executive chairman of RSA, who briefly detailed the initiative at the Evanta Global CISO Executive Summit.
“Knowlton established a chapter of the Alliance in Europe in the interest of making sure that the security needs of industry are strongly supported by European public policy and legislators,” he said at the conference.
“The Internet Security Alliance is just one example of industry coming together to influence policy on issues of cross-industry importance such as taxes and regulation - there is long precedent of companies coming together to influence the outcomes. If we can do that to protect our bottom lines, surely we can do that to protect our business operations and perhaps our very existences. Because those are the stakes for which we are playing.”
Speaking to SC, Knowlton said that he was instantly in favour of the idea and added that the group's great differentiator is the lack of industry bias.
“My first thought was ‘this is brilliant, there is nothing like it in Europe,” he told SC. “Lots of [public body] organisations are more or less good but most are not cross-sector or multinational.
“Where we are at the moment we don't have a formal organisation, we're just getting people interested. It's more of a coalition.” He said that the group is currently sending out a cyber-security news bulletin to 70 to 80 large companies.
There are nine private companies currently in the group including Vodafone and other big (and unnamed) multinational firms from Germany, UK and Netherlands.
Knowlton says that most of these have strong presences in the financial services, insurance, telecommunications, automotive and network infrastructure sectors – but admitted that he's looking to broaden the group's horizons geographically.
“I am happy with the cross-section we've got and I think it's important to expand the geographical reach,” he added before continuing that he hopes to recruit companies from France, Spain and Italy – where he is based – in the near future.
“It's very important to be trans-country so that we're not limited to the usual suspects.”
Knowlton adds that the European group will have a similar role as to the US version – focusing on thought leadership, advocating public policy and raising security awareness – but says that US members will only be able to join the group as affiliate members. As such, they will not be on the board and this won't be able to influence the ‘steering' of the organisation.
The group is currently in discussions with the EU commission and national governments and adds that a formal launch will be announced in a press conference at the EU cyber security conference in Brussels later this month, where workshops have been set-up to contrast and compare the US NIST directive with the EU's own NIS scheme.
Knowlton cites the UK government's own CISP as a ‘step up' in information sharing and believes that trust will be the main selling point. “Fundamentally this thing is about trust; people will share information if in a trusted relationship”
Paul Nguyen, board member of the ISA and president of cyber threat intelligence firm CSG Invotas, said that the move makes sense in an age where international collaboration is required.
“Large, multinational European companies share many similar cyber-security challenges,” Nguyen told SC.
“ISAFE seeks to bring together the top security leaders from across European industry to provide a single, powerful voice on cyber-security best practices, the need for collaboration and what any regulation should look like to be practical and not just an increased cost to doing business.
“ISAFE is about how we can smartly weave security into our markets to protect our businesses and growth as well as the privacy of our employees and consumers, without facing burdensome regulation unnecessarily.