Official Edubilla Blog

The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.

When a threat alert arrived about a new malware threat during a recent industry gathering of retailers, a group of them immediately left the room to check in with their home networks. The intel came in the form of an email via the retail industry's new intelligence-sharing program, the Retail Cyber Intelligence Sharing Center (R-CISC).

"We happened to be having a meeting... and someone got intel on some malware. Immediately, people got up [and left the room] and checked on their systems and detected it," says Suzie Squier, senior vice president of the Retail Industry Leaders Association (RILA), which spearheaded the formation of the R-CISC. 

R-CISC, which RILA announced back in May, has been up and running for about four months now, gradually ramping up to 100 member retail organizations participating in the industry's information sharing and analysis center (ISAC). Target, American Eagle Outfitters, Gap, JC Penney, Lowe's Nike, Safeway, VF, Walgreens, and other major retailers, sit on the board of directors of the R-CISC, a portal-based threat intelligence-sharing platform for retailers that includes feeds from government and other industry sources, and provides threat analysis. It's open to all retailers -- not just RILA members -- including small merchants and online-only e-commerce sites.

R-CISC also offers education and training for participants, and shares threat information with the US Department of Homeland Security, the US Secret Service, and the FBI.

Calls for an official threat intel-sharing mechanism for the retail industry intensified in the wake of Target's epic data breach late last year. The retail industry at the time had no formal threat and attack intelligence-sharing mechanism like financial services, the defense industrial base, and other industries have, and concerns arose that the industry was being blindsided by attacks and malware.