coindesk.com
The cryptocurrency industry, for years plagued by hacks and other malfeasance, has a new group dedicated to cleaning things up, headed by cybersecurity veteran Justine Bone.
Bone is the executive director of Crypto ISAC, the industry's first information-sharing and analysis center, essentially a hub for cybersecurity analysis. A leader in cybersecurity and cryptography for more than 25 years, she was the CEO of medical security research firm MedSec, where her work (in partnership with a short-selling hedge fund) led directly to the U.S. Food and Drug Administration recalling half a million pacemakers that were susceptible to hacking. The devices' manufacturer, Abbott (formerly St. Jude Medical), later issued a firmware update to patch the security holes.
The full roster of Crypto ISAC's founding members, who are providing financial support for the organization, will be revealed on-stage May 29 at CoinDesk's Consensus 2024 in Austin, Texas. Included in the list are two of the biggest exchanges, a major stablecoin issuer, one of the best-known custody firms in the field as well as many other household names in crypto.
“Up until now, there has not been a crypto ISAC and some people are surprised when they learn that,” Bone said in an interview with CoinDesk. “So a few years ago, some cybersecurity companies who were then joined by some other heavy hitters in the crypto industry, recognized this gap and started organizing."
About $1.7 billion was lost to hackers of crypto platforms in 2023, according to blockchain-sleuthing firm Chainalysis.
Bringing legitimacy
ISACs were introduced as non-profit organizations in the late 1990s to facilitate and legitimize information sharing around cybersecurity vulnerabilities and incidents between public sector and private sector organizations. They are often compared to neighborhood watch programs.
The unveiling of Crypto ISAC, which has been several years in the making, is something of a badge of honor, as it joins the crypto industry with many other established verticals that use information sharing to protect critical infrastructure, such as healthcare, retail, the financial sector, the automotive industry and many more.
Bone describes an ISAC as “a trusted intermediary that sort of sits in the middle of the conversation around security issues.” Typically these issues could be a heads-up about a new vulnerability in a type of technology, or an active incident underway, where practitioners need to hustle and collaborate to fix the problem, she said.
Bone served for years as a member of the Blackhat Review Board, the internationally recognized cybersecurity event series and provider of security research. She also worked as an information security lead at Dow Jones and Bloomberg, has advised several Fortune 50 companies and continues to serve on tech giant HP's advisory board.
Diverse membership
The organizers of Crypto ISAC run the gamut from "from crypto-native companies through to investors, government officials and cybersecurity solutions providers who specialize in crypto and Web3," Bone said.
The information-sharing protocol underpinning the platform is thoroughly vetted and already adopted by most other ISACs, she said. As well as having the necessary cybersecurity certificates, she said the Crypto ISAC will be "FedRAMP-ready," an important designation that qualifies an organization to deliver services to the U.S. government.
“We’re going to be setting up this platform in the next couple of weeks, so when we launch at Consensus, our members will actually have a platform they can log into and see this threat intelligence,” Bone said.