California is looking to get a leg up on cyberattacks with its new Security Operations Center, the state’s first cyber headquarters, launched in July.
Cybersecurity is a top concern for governments at every level, but confidence in defending against attacks is low. In fact, a recent survey by the cybersecurity nonprofit (ISC)² revealed that 53 percent of state and local government leaders feel less able to defend against a cyberattack than they did a year ago, largely because ransomware and other cyberattacks are evolving rapidly.
States aren’t taking these developments lying down, however. In recent months, state governments have tried new ways of bolstering their IT workforces, offering cybersecurity training to veterans and to college and high school students, and calling on highly qualified civilians for backup.
But simply keeping up with threats isn’t enough. With an eye on staying one step ahead, the California Department of Technology launched its cybersecurity operations center, which will be a “major player in providing the protection against, detection of, and response to malicious activity targeting the California Government Enterprise Network (CGEN — which is the Statewide WAN) as well as IT systems owned and/or managed by CDT,” according to a blog post by CDT.
Standing Up an Effective Cyberdefense
California’s SOC will monitor for malicious activity 24/7, 365 days a year, according to the blog post. What makes it unique is that it is the first department to look at statewide traffic from all of California’s .gov domains, the websites of about 138 departments, agencies and branches, CISO Peter Liebert tells StateScoop.
“This is the first one that is addressing it from across that scope. The statewide network, known as the California Government Enterprise Network, handles about 70 to 80 percent of state web traffic, and so, it was a natural fit for the California Department of Technology to provide some protection and analysis so that any department or agency that is on CGEN is able to benefit from that,” Liebert tells StateScoop.
Alongside technology, the SOC calls on a staffing model that aims to mitigate the issue of attracting IT talent by employing both civilians and active duty military personnel from the California Military Department.
“As is widely known, acquiring and retaining IT security specialists is difficult due to the vast shortage of individuals with these skills, and this innovative model allows for tapping multiple sources for those skills,” the CDT blog post notes.
The Road to Statewide Cyber Visibility
The CDT is launching the SOC in four phases over two years, a schedule intended to give it the time needed to link all agency and department systems together. According to the CDT blog post, the phases include:
The initial standup of the SOC with a focus on innovative protection/detection of the CGEN network.
Expansion of that protection/detection focus to cover the IT assets owned and/or managed by CDT.
Implementation of a pilot program with a partnering state entity that uses the SOC to monitor that entity’s IT assets.
Expansion of that pilot to other state entities who choose to opt in to those services.
The SOC is now in its second phase, and Liebert tells StateScoop that the CDT is focusing on making machine-to-machine connections with the California Cybersecurity Integration Center, which is run by the California Office of Emergency Services.
“They act like the coordinating SOC for the state because they’re not just worried about state .gov domains, but they also have to worry about things like the education folks, and the city and municipalities’ critical infrastructure,” Liebert tells the site. “We act as a primary gateway for .gov domains and by linking our systems together, they're about to get a really good comprehensive threat intelligence view of all the .gov domains across the state.”
Going into phase 3, CDT will link the SOC to other agency and department platforms with the aim of establishing visibility across the entire state. Ultimately, Liebert tells StateScoop, he hopes to “achieve 100 percent network and endpoint visibility” across California’s state systems.
And while stitching together all systems from 138 entities won’t be easy, Liebert says it will ultimately help to improve cybersecurity across the state while removing the burden from each individual agency.
“Now that we’re able to do a 24-by-7 perspective, soon we are able to provide continuous monitoring and prevention,” he tells StateScoop. “We’re covering the gate, and the departments and agencies now have to focus inward and try to get their houses in order. But they don't have to worry about that gate as much since we’ve got that covered.”