FB-ISAO: How We Got Here

By Andy Jabbour

TL;DR:

  • The idea of ISAOs was codified in 2015’s Executive Order 13691 and follows from the success of the ISACs, first developed in 1998.
  • The idea of FB-ISAO followed shortly after, and the initial undertaking began in late 2015.
  • Initially, the effort struggled and was reenergized in early 2018.
  • In May of 2018, FB-ISAO entered into its Initial Operating Capability phase, establishing capabilities, reporting, tools, and the community.
  • In May 2019, FB-ISAO is excited to enter the next phase of our operational development and organizational maturity as we transition to our membership model and enhanced engagement and capabilities.

Information Sharing and Analysis Centers (ISACs) got their start in 1998 through an executive order from then-President Clinton. Over the ensuing years, ISACs developed across critical infrastructure, each developing uniquely to its community – or Sector. As the model succeeded, and as the cyber threat landscape developed and became more threatening, in February 2015 then-President Obama issued Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, which stated that, “The Secretary of Homeland Security (Secretary) shall strongly encourage the development and formation of Information Sharing and Analysis Organizations (ISAOs)… ISAOs may be organized on the basis of sector, sub-sector, region, or any other affinity, including in response to particular emerging threats or vulnerabilities.”

Having spent a few years in support of DHS, working with many of the ISACs, and then going to work directly for the ISAC community, I began to discuss the wisdom of this initiative with a few of my close colleagues and we pondered where this idea made sense. At first, we struggled, but over time, a few areas began to make sense. Among those, most notably to a couple of us was the community of faith. Based on a combination of our personal faith and concern over a vulnerable community, we determined to develop the Faith-Based Information Sharing and Analysis Organization, or FB-ISAO. By late 2015 we were developing the concept and working with trusted partners in government and industry to begin to gain support for the initiative.

Turns out, it was really hard. There simply wasn’t a lot of interest from the community and after several months of frustrated efforts, in summer 2016, we sadly decided to table the project until we could more deliberately pick it back up. Over the following year and change, one trusted partner moved on, but new opportunities brought new resources and new team members with a passion for their faith and the security of our country. After a few months of discussion, as 2018 began, we renewed the effort to develop FB-ISAO and in May 2018, the organization was formally established.


The Faith-Based Information Sharing & Analysis Organization (FB-ISAO) provides members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience. We perform our mission across the all-hazards threat environment – including physical security, cybersecurity, public health, and natural disasters.


Underwritten by Gate 15 resources and personnel, FB-ISAO began its Initial Operating Capability phase, establishing baseline reporting and communications capabilities, reengaging with partners across government, establishing a trusted Advisory Board of leaders, and engaging the community of faith at events, through reporting, and other outreach. As we developed the community, we also continued to mature our capabilities, building on our start and, with good counsel from our Board and others, developed new tools, capabilities and a reasonable membership model that could be accepted by the community.

This year has seen tragedy and high-impact incidents to faith-based facilities and believers around the world and across the all-hazards threat environment. From the horrendous killings in New Zealand and Sri Lanka to our own nation with the hateful attack in San Diego, to high-dollar cybersecurity incidents and data breaches, the first few months of 2019 have underscored in a terrible way the very reason FB-ISAO needs to succeed.

As many organizations ponder their security posture and their readiness to meet the threats they face, to protect their facilities, their staff, those that come to work, those that come to worship and all those that come to seek God and find the fulfillment in faith that is a vital part of our American story, we – as a community – must work together. With our partners in the private and public sectors, we must take the reasonable and responsible steps to understand the threats, assess the risks, and take appropriate preparedness and operational actions to support the National Preparedness Goal of: “A secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk,” especially as it pertains to Faith-Based Organizations.

As we progress into the next phase of our operational development and organizational maturity and transition to our membership model and enhanced engagement and capabilities, we hope to continue to grow our community, our collaboration, and the security and resilience of our nation’s community of faith. This will be a process, will take time, and will take commitment from the community itself. I hope many of you will join us. For the good of our country and for all who seek to serve and know God, FB-ISAO will continue to do everything we can to help FBOs “protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk” to our community and our way of life. We are stronger together. We are better together. I hope you’ll join us. We need leaders, we need collaboration – we need you to help our country and our community. Find out more at FB-ISAO.

Read more on membership from the link at left and below.