Retail’s Cybersecurity Center Adopts Intel-Sharing Portal

A retailers’ group formed to share cyberattack and threat information has launched a portal to speed up its ability to spread that information in the face of rapidly escalating attacks on payments and other retail data.

The Retail Cyber Intelligence Sharing Center (R-CISC) said on Tuesday (March 24) that it created the portal as part of its effort to prevent data breaches by sharing cyberthreat information between retailers and with law enforcement, the Department of Homeland Security and other stakeholders.

The R-CISC group was launched in May 2014 by the Retail Industry Leaders Association and about 50 major retailers, including Target, Walgreens, Gap, J.C. Penney, Lowe’s, Safeway, American Eagle Outfitters, Nike, and VF Corp. The not-for-profit group was assembled in the wake of the massive holiday-season breach of Target in late 2013, which resulted in exposure of payment data of 40 million customers.

The new retail threat-sharing portal will be managed by the Financial Services Information Sharing and Analysis Center (FS-ISAC), which has been running its own threat-sharing service for banks and other financial-services companies since 1999.

“The formalization of the sharing portal supported by the FS-ISAC is an important step in the evolution of retail cyber threat information sharing,” R-CISC Executive Director Brian Engle said in a prepared statement. “The R-CISC portal will substantially increase the efficacy of the information sharing already underway by contextualizing, prioritizing and cataloging the information shared between retailers, other industries and law enforcement.”

Along with making it easier for retailers to report threat information that they uncover, the portal will allow retailers to receive intelligence from law enforcement, government agencies and key partners. It’s also intended to help provide security education and research offerings for retailers.

Having the more experienced FS-ISAC run the retail threat portal also paves the way for the use of Soltra Edge, an automated threat-intelligence platform developed by FS-ISAC subsidiary Soltra, as well as the chance for better links between retailers and payment-industry financial players such as card-issuing banks.