(Adds comment from security expert, background on industry
BOSTON, April 14 U.S. retailers are planning to
form an industry group for collecting and sharing intelligence
about cyber security threats in a bid to prevent future attacks
in the wake of last year's big attack on Target Corp.
The National Retail Federation said on Monday it will
establish an Information Sharing and Analysis Center, or ISAC,
for the retail industry in June.
ISACs are industry groups that typically run security
operations centers that operate around the clock, providing
alerts about emerging threats to their members and sharing
information provided by law enforcement and other government
They are set up under terms of a 1998 U.S. presidential
directive to foster sharing of security information between the
public and private sector.
There are more than a dozen such organizations among
industries including financial services, emergency services,
healthcare, technology companies, public transportation and
The financial services industry ISAC, which is widely
considered the most successful group of its type, will help
retailers set up the new organization.
Retailers have been under pressure from Congress and
consumers to bolster security since the attack on Target, which
resulted in the theft of some 40 million payment card numbers
and another 70 million customer records, which were uncovered
late last year.
After the breach was uncovered, retailers privately
complained that they had difficulty obtaining information from
law enforcement about what had happened and how to thwart
In January, the Department of Homeland Security produced a
report titled "Indicators for Network Defenders" that contained
information about its secret investigation into the Target
breach. It was released through the Financial Services ISAC and
other routes, but some retailers had trouble obtaining it
because the industry lacked an established group for sharing
information on cyber threats.
The new ISAC will also allow retailers to share tips on
fighting hackers, which the industry hopes might prevent future
attacks and make consumer data more secure.
"It will allow them to talk to each other about things are
hitting them, to know quickly if other people are experiencing
the same things and if they've found good defenses that they can
tell each other about," said Alan Paller, founder of SANS
Institute, a non-profit group that trains security
(Reporting by Jim Finkle; Editing by Cynthia Osterman and Chizu