Protecting Critical Infrastructure
Malware. Data breaches. Insider threats. Cyber espionage. It’s not a question of if you will be attacked but when. In fiscal year 2016, ICS-CERT responded to 290 incidents with the energy sector accounting for 59 of those incidents. As cyber threats evolve, the oil and natural energy industry faces unique challenges with the increasingly interconnected delivery of services to a common consumer and supplier base.
To protect our nation’s critical infrastructure, the Oil and Natural Energy Information Sharing and Analysis Center (ONE-ISAC) was created to provide shared intelligence on cyber incidents, threats, vulnerabilities, and best practices to enhance security in the industry.
ONE-ISAC Mission
The mission of the ONE-ISAC is to serve as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the oil and natural energy industry, through the analysis and sharing of trusted and timely cyber threat information.
The mission of the ONE-ISAC is structured around four cornerstones:
Four Cornerstones
Information
Facilitating information sharing for our members
The ONE-ISAC acts as a dynamic cybersecurity hub for members to communicate and coordinate against network and ICS cyber attacks. The ONE-ISAC enriches intelligence through analysis.
Get access to shared intelligence in near real-time, in a trusted and secure manner.
Confidentiality is essential in creating a secure and trusted environment. The ONE-ISAC employs the Traffic Light Protocol (TLP) for information sharing. Members have the option of sharing information either anonymously or with attribution. Only ONE-ISAC members receive information that is classified as TLP Green, Amber, Amber+Strict, and Red; non-members only receive information that is classified as TLP Clear.
Traffic Light Protocol for Sharing Information
Authorized information recipients
Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
Amber
+
Strict
Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
Amber
Recipients may share TLP:AMBER information with members of their own organization and its clients on a need-to-know basis to protect their organization and its clients and prevent further harm.
Green
Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. Unless otherwise specified, TLP:GREEN information may not be shared outside of the cybersecurity or cyber defense community.
Recipients may share this information without restriction. Information is subject to standard copyright rules.
Want to know more about our memberships?
Industry
Industry members are oil and natural energy companies.
Allied Partners
Trade and industry associations, ISACs and ISAOs, academic institutions, research organizations, and training providers.
Collaborators
Collaborators are companies that provide subject matter expertise as it relates to information technology and cybersecurity.