Cybersecurity organizations announce new first responder credentialing program

CISA and the ISA Global Cybersecurity Alliance are working together to certify first responders for cyber incidents.
Written by Jonathan Greig, Contributor

Cybersecurity companies and organizations are banding together to create a cybersecurity first responder credentialing program designed to support both large and small organizations dealing with cyber incidents. 

The ISA Global Cybersecurity Alliance is working with CISA on the effort alongside the Incident Command System for Industrial Control Systems (ICS4ICS) and more than 50 other cybersecurity companies, universities and corporations. 

The groups will be incorporating FEMA's Incident Command System framework for response structure, roles, and interoperability, according to a statement from ISA. 

Deloitte, Dragos, Ford Motor Company, Fortinet, Honeywell, Johnson Controls, KPMG, Nozomi Networks, Pfizer, Tenable, CyberOwl and Idaho State University are just a few of the organizations involved in the ISA Global Cybersecurity Alliance. 

"For many years, we've needed ICS4ICS, to enable collectively organized cyber and physical responses in a unified way. Credentialing cybersecurity first responders is an important milestone in this valuable public-private partnership," said ISAGCA Advisory Board chairperson Megan Samford, 

Samford, who is also chief product security officer of Schneider Electric's energy management business, said the groups have "developed an adjudication process and certified our first four responders."

The first round of credentials were given to Samford, CISA branch chief of cyber defense coordination Mark Bristow, FireEye senior manager of industrial control systems Neal Gay and the US Army Reserve's Brian Wisniewski. 

"I'm proud to be one of them and stand ready to help companies recover from cyber incidents," Samford added. 

FEMA's Incident Command System framework is currently used in response to natural disasters, industrial accidents and other incidents while the ICS4ICS' methods are used by organizations to identify incidents, assess any damage, address immediate challenges, communicate with stakeholders and eventually resume operations. 

"The framework applies traditional Incident Command Systems best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support entities to work together," the groups said in a statement.  

"ICS4ICS provides clearly defined command structures, including standard roles needed in a response, and the framework can scale to support small or extremely large-scale incidents that impact many organizations."

A committee within ICS4ICS will manage the adjudication process, which the organization said will involve applications and candidate evaluations by a panel of incident command system subject matter experts. 

"The proven approach is vetted by industry companies and subject matter experts and the program has significant value for small to medium sized entities that do not have the time, finances, or personnel to assign a full-time cyber response unit, but still need to develop plans and train employees accordingly," the groups said. 

Editorial standards