ConnectWise takes lead organizing global threat intelligence sharing body for solution providers

CompTIA is on board with the new TSP-ISAO for public-private information sharing and analysis specifically focused on threats impacting solution providers, while ConnectWise has issued a call to action for others to join the organization.

John Ford, ConnectWise’s CISO

ConnectWise has announced they have taken the lead in creating the Technology Solution Provider Information Sharing and Analysis Organization [TSP-ISAO]. It’s a global organization designed to serve as the focal point for all threats specific to TSPs. ConnectWise emphasizes that the organization will be run by a broad membership, not by themselves, and has invited other organizations to join.

While the TSP-ISAO is specifically American in terms of the apparatus of the non-profit structure created to manage its activities, its activities will be global, and so of direct relevance to Canada and other geos outside the US.

“Years ago, we recognized that cyber threat information from government wasn’t making it to the private sector, and private sector information didn’t get back to government,” said John Ford, ConnectWise’s CISO. “So industries created ISACS –Information Sharing and Analysis Centres – around key infrastructure sectors like the power grid, water, mining and  financials. There are about 20 of them today. Some sectors don’t fit into critical infrastructure, but it is still important to share information within them, because they are being targeted by bad actors. So ISAOs came to be.”  In 2015, President Obama issued an Executive Order directing the Department of Homeland Security to encourage the development of ISAOs, and many industries began forming their own ISAOs.

Until, now, none have been formed for the IT industry. Last October, the U.S. Department of Homeland Security [DHS] issued an alert warning of advanced persistent threat activity exploiting MSPs, CSPs, and MSSPs to gain access to their customers’ networks. DHS recommended that these Technology Solution Providers share and respond to cyber risk in as close to real-time as possible.

“These kinds of organizations all share the same goals about protecting against global cyberthreats, but being able to curate information around a specific sector allows us to get very specific,” Ford said. “The health care ISAC, for instance, doesn’t care about threats to airports, but just about threats to health care. These organizations work like a bucket brigade fighting fires, sharing threat intelligence information, directly between the public and private sector.”

Ford emphasized that ConnectWise’s role in initiating the TSP-ISAO is to get it started, not to make it their own vehicle.

“The goal is that eventually it will be owned and run by the members who joined the ISAO,” he said. “The goal of these things is not meant to be run by a member, or even by a non-profit like CompTIA. Somebody has to take the lead in standing it up to get it started. We will do the initial co-ordination and funding, and seek grants from external people.  There is a charter and a structure to an ISAO from the execute order. It’s a legal entity. In the beginning, we assemble a good strong board of directors.”

Ford pointed to the national credit union ISAO as an example of how this process unfolds.

“If you go to their site, you would never know from it who the initial supporter was,” he said. “You see many members and sponsors, but one company did take the lead in getting it going.”

CompTIA is fully on board with the ConnectWise initiative.

“CompTIA applauds the goals of the TSP-ISAO to address the information shortfall by creating a real-time actionable platform,” said Todd Thibodeaux, CompTIA’s CEO, in the press release announcing the ISAO’s formation. “We look forward to supporting the work of this vital new group.”

“We are pleased CompTIA stepped forward, and we expect to see others come forward as well,” Ford said. “They have breadth of expertise in the channel and can make sure that the availability of this becomes known. It’s not about competition. We expect to see our nominal competitors step forward and join us in this.”

The technology that ConnectWise acquired last year with Perch Security will play a key part in the TSP-ISAO’s activities. The threat intel platform it uses is powered by Perch. This will automate the sharing of intel and allow all members to see the threat intelligence. The cost for this is included within the ISAO membership.

“We made the announcement as a plea to the industry to get involved,” Ford said. “Since it was announced, we have had dozens of people contacting us with interest.  Jason Magee [ConnectWise’s CEO] has been constantly on the phone including with competitors. There has been more interest than I thought.”

More details on the TSP-ISAO will be revealed at ConnectWise’s IT Nation Connect 2019in Orlando, between October 30 and November 1.

“At Connect, we will be able to announce the Board of Directors structure, the composition of the membership team, and how we are going to structure meetings and the agenda to get the ball rolling,” Ford said. “The early adopters will be announced. You will see a message from us that it is open, not a ConnectWise endeavour. We are doing this along with the community for the greater good.

More information about the TSP-ISAO can be obtained at info@tsp-isao.org.