When it comes to cybersecurity, the more you share, the better the outcomes. The ground-breaking Critical Infrastructure Security Operations Centre, or CI-SOC, is a collaborative alliance that increases the overall resiliency of the region’s critical infrastructure. CI-SOC enables multiple partners to improve their individual and collective cybersecurity by coordinating threat intelligence to stop more attacks, detect attacks earlier, contain breaches faster, reduce breach impact and recover more quickly.
Multi-lateral Collaboration Agreement
Members agree on the foundational requirement to share and collaborate with CI-SOC members
If there is an incident that affects one member, all other members will help support them
Members agree to share existing IP and that any new IP will be for the mutual benefit of all members
Open to all critical infrastructure stakeholders
CI-SOC allows an organization to benefit from the sharing of capabilities across critical infrastructure sectors and government.
From detection to response
EBIOS RISK Management Method
Internationally recognized methodology to protect critical infrastructure and responsively address and treat risks
Includes contingency and continuous improvement plans to reduce business and cyber risk, plus detection/response synchronization
Threat intel repository service integration and subject matter expertise; used as key reference during EBIOS-based threat risk assessments
Malware Information Sharing Platform (MISP)
Open-source intel & multi-tenant, supported, federated threat intelligence sharing platform; also supports external feeds such as the GOC Canadian Centre for Cyber Security threat intelligence data feed
The EBIOS Agile Risk Manager is a client/server application developed by ALL4TECH that supports CI-SOC members’ risk management analysis. The CI-SOC’s architecture of implementation for this product consists of a cloud-based central repository accessible from client applications installed at the CI-SOC and its members’ environments.
Why this matters: Evaluating risk to your organization or operations is difficult. The CI-SOC has brought together the best platform and practices to produce a comprehensive risk view. Combine this with other CyberNB offerings, such as cyber insurance or comprehensive network scanning, for a complete risk-management approach.
Tenable is a world leader in presenting complex vulnerability data in ways that allow you to understand where to focus your resources. The key to understanding vulnerability is knowing what assets you have, and Tenable uncovers hidden assets through its proprietary algorithms. Alongside data collection is its remarkable ability to present complex data in easy-to-understand dashboards.
Why this matters: Too much data and a lack of asset awareness causes many organizations to underestimate risk. As a CI-SOC member, you will get a better understanding of how Agile Risk Manager and Tenable combine to give you a comprehensive picture of the risks that may threaten your enterprise or operation.
AWS provides an infrastructure and analytic fabric that produces leading indicators for compromise and better threat intelligence. AWS’s infrastructure lets members quickly ingest a variety of data types and use analytics to test and prove solutions. Instead of curating your own infrastructure, members can engage CI-SOC personnel to construct rapid prototypes.
Why this matters: Focusing on problems instead of infrastructure or analytic design saves you time and money. The relationship with CI-SOC flourishes when we understand your unique challenges.
MISP is an open-source malware information platform that gives members a unique way to exchange threat intelligence. Through the CI-SOC’s unique IP sharing agreement, members can collaborate on emerging cyber activities and coordinate responses. When one member shares data, it is important–when multiple members do, our collective security increases. MISP is a push-pull environment where members can use their own interfaces or download our containerized version of the platform.
Why this matters: By providing an open-source and containerized solution, members don’t have to buy new software and hardware. Plus, the CI-SOC provides an onboarding and training session to further reduce member expenses. And the push-pull design lets you focus on intelligence, events or analytics of interest.
Complete Critical Infrastructure Support
CI-SOC provisioned threat intelligence, Indicators of Compromise (IOCs) and advanced analytics–as well as advanced risk assessment methodology–will improve CI-SOC Alliance members by: