ICT Supply Chain Risk Management Task Force
Conrad, Inc. represents the IT-ISAC on the Executive Committee of the ICT Supply Chain Risk Management Task Force. Established by DHS in November 2018, the ICT Supply Chain Risk Management Task Force is tasked with providing advice and recommendations to the U.S. Department of Homeland Security (DHS) and private sector owners and operators of ICT critical infrastructure on means for assessing and managing risks associated with the ICT supply chain.
IT SECTOR COORDINATING COUNCIL
Our President and CEO represents the IT-ISAC on the Executive Committee of, and served as Treasurer for, the Information Technology Sector Coordinating Council. The IT Sector Coordinating Council provides sector-wide, consensus-based recommendations to DHS and other government partners on policy issues impacting the IT Sector. We helped to establish the IT Sector Coordinating Council and remain the longest-serving member of its Executive Committee.
iNFORMATION SHARING HALL OF FAME
In September 2018, the IT-ISAC was inducted into the ISAO Standards Organization’s Information Sharing Hall of Fame. This award was given to the IT-ISAC for the totality of its contributions to information sharing since its founding in 2000. The IT-ISAC has been a client of Conrad, Inc. since 2006.
In 2019, the National Council of ISACs, which our CEO helped establish and served as an officer for, was awarded the "Hall of Fame" award.
COORDINATED VULNERABILITY DISCLOSURE
Conrad, Inc. manages the Industry Consortium for Advancement of Security of the Internet (ICASI), the industry’s leading forum for identifying and resolving multiparty vulnerabilities. Through this, we managed the global disclosure of the WPA KRACK Attack vulnerabilities. Conrad, Inc. also provides program management support to the FIRST Vulnerability Coordination Special Interest Group.
INFORMATION SHARING AND ANALYSIS
Conrad, Inc. provides daily and strategic management to the Information Technology – Information Sharing and Analysis Center (IT-ISAC). Conrad, Inc. has grown the IT-ISAC from a small community of U.S. based security vendors to a global forum of dozens of technology companies. We also worked with NTCA to build CyberShare, an information sharing forum for small broadband providers.
NATIONAL LEVEL CRITICAL FUNCTIONS
In 2008 – 2009 we led an industry-government effort to identify and assess risks to IT-Sector “critical functions.” This “functions based” approach to risk management was a first of its kind approach that emphasized the importance of the key functions or capabilities that the IT sector provides and manages, as opposed to a physical asset approach to security. In July 2018, DHS Secretary Kiersten Nielsen announced that DHS would adopt a functions based approach to develop a national risk assessment. Our team continues to serve in a leadership position as the IT Sector continues to refine and update its work to identify and manage threats to these critical functions.
EFFECTIVE PRACTICES DEVELOPMENT
The Conrad, Inc. team is active in developing and promoting voluntary, industry driven effective practices. Our work includes participation in the ISAO Standards Organizations working groups, development of the NIST Cybersecurity Framework, as well as program managing the development of the FIRST PSIRT and CSIRT Frameworks.