N.C. Information Sharing & Analysis Center

The mission of the North Carolina Information Sharing and Analysis Center, or NC-ISAC, is consistent with the objectives of the National Strategy to Secure Cyberspace: to provide a common mechanism for raising the level of cybersecurity readiness and response in state and local governments.

Part of the Multi-State Information Sharing and Analysis Center, the NC-ISAC provides a central resource for gathering information on cyberthreats to critical infrastructure from state agencies and providing two-way sharing of information between and among the state agencies and with local government where permissible.

Objectives

  • Disseminate early warnings of cyber system threats
  • Share security incident information
  • Provide trending and other analysis for security planning
  • Distribute current proven security practices and suggestions
  • Promote awareness of the interdependencies between cyber and physical critical infrastructure, as well as between and among the different sectors

Structure

The NC-ISAC is operated by the N.C. Department of Information Technology, Enterprise Security and Risk Management Office Information Protection team at the direction of the state chief information officer and state chief information security officer.

The Information Protection team is strategically aligned to facilitate NC-ISAC coordination as the primary abuse complaint receiver and single point of contact with law enforcement on all NCDIT-operated and assigned network IP addresses.

The NC-ISAC Information Protection team is also responsible for cybersecurity incident response within the executive branch of state government, as well as the timely dissemination of cybersecurity threats and warnings.

NC-ISAC Services

  • Distribute cybersecurity advisories and bulletins
  • Cyber incident response and assistance to NC-ISAC members
  • Operate NC-ISAC secure website
  • Participate in cyber exercises such as the national Live Wire and Cyber Storm exercises
  • Adhere to cyber incident reporting statutes
  • Support and promote National Cybersecurity Awareness Month
  • Access to the NC-ISAC Contacts Database through the US-CERT web portal
  • Distribute tools, software and brochures provided by the MS-ISAC
  • Represent all NC-ISAC members at the yearly meeting of the MS-ISAC
  • Collaboration with third parties when necessary on behalf of the NC-ISAC

NC-ISAC Cyber Analysis Center

The NC-ISAC Cyber Analysis Center receives, vets and correlates information about vulnerability, threat and other significant cyber-related events. Relevant and significant information is then redistributed to the entire membership. Before redistribution, information is analyzed to incorporate a “value add” – in other words, incorporation of additional information regarding mitigation strategies or interim steps that can be taken to protect the infrastructure. These advisories are then distributed to the members.

NC-ISAC Common Cyber Alert-Level Procedures

The NC-ISAC has adopted a common Cyber Alert Indicator Protocol to ensure consistency in cyber alert levels across members. This protocol provides an indication that a member who has posted their cyber alert level at “Guarded” has met certain criteria that meets this cyber alert level.

NC-ISAC Cybersecurity Incident Reporting Procedures

By General Statute, North Carolina executive branch agencies are required to report cybersecurity incidents to the state chief information officer.

Information from these reports is used to provide trending on cybersecurity threats as well as determine the need to notify NC-ISAC members of possible large-scale malware outbreaks or cyberattacks. Monthly reports listing all reported cybersecurity incidents are provided to the Office of the State Auditor in compliance with an agreement between the state chief information officer and the state auditor.

Non-executive branch members of the NC-ISAC may voluntarily report cybersecurity incidents if they feel the information will be a benefit to all members for trending purposes or if the member needs assistance from the NC-ISAC to facilitate passing the information to the Multi-State Information Sharing and Analysis Center for complete analysis.

Any information received through voluntary or mandatory reporting will be redacted to eliminate the possibility of identifying the submitter if the information is deemed valuable from an awareness standpoint and redistributed to all NC-ISAC members.

Report Cybersecurity Incidents

  • Contact the Information Protection Team:

Albert Moore 919-754-6245
Group email (security@its.nc.gov)

  • Contact the NCDIT Service Desk for immediate assistance:
  • Create a service ticket in the NCDIT Service Portal.
    800-722-3946
    919-754-6000