The ISC evolved from "Incidents.org", a site initially founded by the SANS Institute to assist in the public-private sector cooperation during the Y2K cutover. In 2000, Incidents.org started to cooperate with DShield to create a Consensus Incidents Database (CID). It collected security information from cooperating sites and agencies for mass analysis.
On March 22, 2001, the SANS CID was responsible for the early detection of the "Lion" worm attacks on various facilities. The quick warning and counter-efforts organized by the CID were instrumental in controlling the damage done by this worm, which otherwise might have been considerably worse.
Later, DShield was integrated closer into incidents.org as the SANS Institute started to sponsor DShield. The CID was renamed the "Internet Storm Center" in acknowledgement of the way it uses the distributed sensor network similar to the way a weather reporting center will detect and track an atmospheric storm and provide warnings. Since that time the ISC has expanded its monitoring operations; its website cites a figure of over twenty million "intrusion detection log entries" per day. It continues to provide analyses and alerts of security threats to the Internet community.
During the last hours of 2005 and the first weeks of 2006, the Internet Storm Center went to its longest period at the time to "yellow" on the Infocon for the WMF bugs.
The most prominent feature of the ISC is a daily "Handler Diary" which is prepared by one of the 40 volunteer incident handlers and summarized the events of the day. It frequently is the first public source for new attack trends and actively facilitates cooperation by soliciting more information to understand particular attacks better.
The Internet Storm Center is currently staffed with approximately 40 volunteers, representing 8 countries and many industries.