After a cyberattack, state and local governments possess massive amounts of data that can be mined for insights. This data can be used to create a better defense for state and local government networks, and hopefully mitigate future attacks.
Thanks to a 2011 cyberinitiative by Gov. Rick Snyder, Michigan has begun investing heavily in state information sharing and analysis centers, aiming to “exchange actionable intelligence and data between the state and critical industries,” according to the Pell Center’s 2015 State of the States on Cybersecurity report.
The state has also established the Michigan Intelligence Operations Center, which functions as a venue to collect, analyze and disseminate real-time cyberthreat intelligence for state, local and federal agencies as well as private-sector partners.
Keeping up with threats and evolving technologies remains a challenge for state and local governments, but by incorporating data analytics and new technology that can disseminate actionable intelligence before an attack even occurs, a data analyst can be the new tool in a state’s cybersecurity toolbox.
Rajiv Das, Michigan’s chief security officer, spoke with StateTech about how the state is incorporating data analytics into its cyberstrategy and how data sharing is proving useful in preparing for the future of cybersecurity.
STATETECH: How are you investing in data analytics or employing data analysts to create a more robust cybersecurity strategy?
DAS: We are absolutely investing in data analytics — we call it cyberanalytics. It will prove to be a key initiative for the next two to three years.
The state of Michigan collects tons of data on a day-to-day basis based on cyberthreats, active log monitoring, etc., so that we can have actionable intelligence to mitigate against a cyberattack. We are fortunate enough to have some folks working for us who have expertise in analytics, and we have also worked closely with our partners to develop a robust and comprehensive plan. Our partners are mainly consulting partners — including the University of Michigan, the Michigan State Police and others — that can help us stay the course, develop strategy or assist with implementation as we begin embarking on a robust cybersecurity plan. That allows us to lay a really good foundation for the use of cyberanalytics.
The challenge is that the technology and platforms are changing very rapidly in this area. In working with our partners and internally, we are doing our due diligence and working to ensure we pick the right technology.
STATETECH: Why do you feel that cyberanalytics is an important part of your cyberstrategy right now?
DAS: Cyberanalytics will become a major initiative for us over the next three years. It will help us create actionable intelligence from the data we gather so that we can mitigate attacks in a predictive, rather than reactive, fashion.
We would like to be in a position where we can predict a problem and prevent it. Not only that, but we want to work with our partners very closely — the Michigan State Police, the National Guard and others — to collaborate and share data that can help us develop strategies to protect against future attacks. That is why this program is critical.
We have a systematic, phased plan that we are initiating. The phase we are currently in is laying the foundation that will allow us to collect the data in a methodical format using a Big Data engine.
STATETECH: How have you been investing in information sharing and analysis centers to disseminate timely cyberthreat intelligence?
DAS: The first step in our information sharing and analysis strategy is sharing data with our in-state partners. We have several centers, one of which is our security operations center, which collects data and shares it with our partners. We also have partnerships with the Michigan State Police and the Michigan Cyber Civilian Corps [MiC3], a group of trained cybersecurity experts from the government, education and business sectors that volunteer to aid the state in rapidly resolving cyberincidents. These organizations always share data as needed, including cyberstrategy and analysis.
The second step is that we will associate ourselves with federal agencies or across states, to share data even further. This is the step we are working on right now.
Also, Michigan is a part of the FEMA Region 5, which consists of the six states that border the Great Lakes — Illinois, Indiana, Minnesota, Michigan, Ohio and Wisconsin — that can share information based on established protocol. There is a lot that can come from sharing information across states and agencies that enables us to be more prepared as well as reduce costs and improve services to the citizens.
STATETECH: Do you currently incorporate metrics and reporting frameworks to assess how well your cybersecurity strategy is working?
DAS: We do collect data and metrics, but we have not perfected this. We have a public dashboard that we use to collect and report the metrics, including the risk of lost or stolen equipment, malware from internet activity, and denied connections. We also use the dashboard to report on the state’s cybersecurity initiatives, such as database encryption or our cyberdisruption response strategy.
We are in the process of refreshing this, because the metrics that were important several years ago when we first instituted the dashboard may not be relevant now. Once it is approved by the chief information officer and governor’s office, we will release a new dashboard on our website.
STATETECH: How do you go about learning from the Big Data you collect?
DAS: We have two programs that make use of the information will collect in our cyberanalytics program. In the past two years, we introduced our enterprise information management program, which has created several artifacts related to data sharing and data classification. Our cyber department is right now in the process of introducing one of the data projects, where we can start using the outcomes.
Going forward, we will likely use some techniques, such as machine learning, that can help us to better analyze who is connecting to our network, enable us to extract the data and eventually make use of it as actionable intelligence. Right now, we are in the first phase.
STATETECH: How have you worked to attract talent and advance workforce development to ensure more people are trained in data analytics and cybersecurity?
DAS: Based on Gov. Snyder’s initiative and direction, we plan to play a role in strengthening the science, technology, engineering and math initiatives in the state. We have a North American Cyber Summit every year, in which we hold a High School Cyber Challenge that promotes students’ interest in cybersecurity. Approximately 80 high school teams participate.
We would also like to be part of the STEM education program that the state is kicking off. Michigan cybersecurity would like provide assistance with developing curriculum that can create awareness and focused effort in this area.
Last, there is a regional collaboration of public universities that is kicking off this year as well, and we are looking to be a part of that too. This initiative, called the Regional Cybersecurity Education Collaboration, encourages the higher education community to collaborate with private partners to address the state’s cybertalent gap.
We also rely on MiC3 as the volunteer firefighters for cybersecurity in our state to promote cybersecurity across Michigan.