The FS-ISAC at Twenty

The FS-ISAC (Financial Services Information Sharing and Analysis Center) was launched in October 1999 by Treasury Secretary Lawrence Summers. It was the first such entity. Many subsequent ISACs have used the FS-ISAC as their model. The idea for ISACs was part of the 1998 PDD (Presidential Decision Directive) on Critical Infrastructure Protection.

I was honored to be on the team that made the FS-ISAC happen. My biggest contribution was promoting its organizational structure, whereby the industry would own and run the ISAC, would interface with the U.S. Treasury Department, and would outsource the technology development and operation to a third party. My second biggest contribution was to be part of the group that withstood a push to close down the FS-ISAC during a difficult phase when the organization appeared to be stymied.

We started out originally with 14 institutional members—predominantly large financial institutions—of which my firm, Pershing, was one. I had personally put forward the idea of expanding membership by offering subscriptions that smaller institutions could afford, but was voted down by other members of the Board of Managers. Membership stayed flat at around 50 large financial institutions for several years in the early 2000s. It wasn’t until December 2003, when Treasury provided a $2 million infusion, requiring low-cost and no-charge memberships … see  … that the number of members spiked upwards. According to the FS-ISAC website, there are now some 7,000 member organizations in 50 countries. Still a long way from the 30,000 envisaged in Treasury’s press release, but certainly an orders-of-magnitude improvement over the original group of members.

As mentioned, the Financial Services ISAC was the first and among the most successful ISACs. Since then, many other ISACs have been created in other sectors both domestically and globally. In addition to being the model for other ISACs, the FS-ISAC has also spawned the FSARC (Financial Systems Analysis & Resilience Center), which was formed in 2016 for the purpose of taking a longer-term view.

The National Council of ISACs lists U.S. domestic ISACs from some 20 sectors (see ). This number does not include many ISACs formed in other countries.

As the FS-ISAC website states, at

“Over the last two decades, we’ve made cybersecurity intelligence sharing in financial services a global priority, growing our peer-to-peer network of trust to nearly 7000 member institutions around the world.”

This is a tremendous accomplishment—kudos to all involved—and I am so pleased that I played a role in the creation of the FS-ISAC. It is without doubt the highlight of my career. May they go from strength to strength.

Post a Comment

Your email is never published nor shared. Required fields are marked *