History

Our Origins

The Arizona Cyber Threat Response Alliance, Inc.  (“ACTRA”)  was  initially incorporated by Arizona  Infragard  in January  2013  as  an ‘independent operational  arm', designed  to address  the  increasing  cyber  threat  to  our  national  security.  As a stand-alone 501(c)(3) nonprofit corporate entity, ACTRA provides a neutral environment for developing an atmosphere of trust to facilitate mutual information  exchange  among  members.  ACTRA  Members  benefit from active participation in ACTRA, and volunteer board  members  set  policy that meets the  collective  and  individual  self-interest  of  all  members.  Points  of  Contact ("POC") within  public  and  private  businesses  and  government  bodies are  FBI  vetted  members  of  the 501(c)(3) Infragard. A diverse self perpetuating 13 Member Board  of  Directors,  representing  a broad range of experience and sector  diversity,  oversees  ACTRA's  affairs.  Member  organizations agree to support qualified individual volunteers who  wish  to  serve  on  the  ACTRA  Board. The C-Level and VSRT Technical forums serve as the ‘Think Tank’  for  assessing  cyber  threats  through a ‘hacker mindset’ lens that gets into the adversary’s  head.  In  turn,  a  ‘skunk  works  mentality’  establishes volunteer and advisory board driven 'out of the box solutions for information sharing  and  response’.  These solutions  recognizes legitimate priorities and align self-interest in responding to the  threat.  A  designated  ACTRA  liaison  officer  serves  as  the  point  of  contact  and  interface  between  the   members, the FBI, the U.S. Department  of  Homeland  Security,  the FBI's Arizona InfraGard Program and other agency stakeholders.

National Security / Risk Management Value Proposition

Empower essential private and public organizations themselves to provide a risk mitigation driven solution for the timely direct mutual exchange of/response to ‘victim non-attributable’ cyber information on a ‘need to share’ basis between and among participating private sector, public sector, law enforcement and intelligence organizations. The goal is to deliver a timely, cost effective, actionable individual and/or collective response to protect individual organization assets, improve our national security, and avoid unnecessary “info silos”. 

Stakeholder Problem

Information sharing resulting in actionable intelligence between our private and public sector membership and law enforcement/intelligence partners to protect critical infrastructure and corporate assets from the escalating cyber threat targeting our national security must improve. A compelling value proposition exists for improved information sharing in response to member organizations clear collective communication that ‘too little information is received too late’ from the law enforcement and intelligence agencies. This reality prevents an effective response to both real  threats, and hampers necessary two-way communication. The result is that organizations, and the United States both bear unacceptable risk and significant potential negative economic downside.

Solution

The solution lies in the private sector voluntarily taking the lead in initiating direct ‘grass roots’ information sharing between public and private organizations - 'without victim attribution' and with ‘appropriate safeguards’ - directly between and among vetted entities to achieve the desired outcome. Since public and private entities own the required information and should continue to retain that ownership,  through ACTRA serving as the hub for exchange they are in the position to affect change and gain the primary benefit.  In turn, law enforcement and intelligence agencies need for better access to information to respond to established and rapidly emerging national security threats will be satisfied through the recommended solution. A private sector driven initiative provides an optimal solution, but only if the process is driven directly by private/public sector Members for the benefit of the Members.

Information Security Strategy

Neither private/public sector organizations, nor intel/law enforcement agencies, will act against their own self-interest. Key barriers  to  information  sharing  generally  stem  from 'victim attribution' that can negatively impact public perception, among other considerations. For private companies this can also affect market value, provide a competitive disadvantage, create legal liability or raise anti-trust issues. The ACTRA framework provides a comfort level in this regard that includes the information sharing process itself masking attribution; strong non-disclosure agreements between parties; avoiding the  need  to  share  ‘Protected Critical Infrastructure Information’ (“PCII”), and aligning with existing state statutes, when appropriate.