On 26 June, Cisco, IBM, Intel, Juniper and Microsoft announced the formation of the Industry Consortium for the Advancement of Security on the Internet (ICASI). The major goal of the consortium is to be a forum where technology vendors can work together to share information and address new threats that have common impacts across their product lines. This is markedly similar to the goals of another consortium that all five vendors belong to, the Information Technology Information Sharing and Analysis Center (IT-ISAC), established way back in 2001 and largely ineffective.

There are some differences, though. ISACs were always U.S.-centric with the U.S. government trying to be involved. ICASI is supposed to be more global, but since it is being established by North American vendors, there is no real difference there, but at least it is government-neutral. The IT-ISAC had many member companies that were security product vendors and security services vendors, while ICASI is currently limited to five of the biggest infrastructure vendors, with Oracle and Sun and any telecom vendors noticeably missing.

Back in 2001, I commented that the IT-ISAC could make a difference only if it was driven by the vendors' corporate security officers, not by product managers, and if it focused on inward-looking improvements in security and not outward-bound marketing and press releases. The IT-ISAC never really met those goals and was largely ineffective. ICASI will have to take the same behind-the-scenes focus, or it will end up being just another multivendor acronym that goes nowhere.