Security

States Build Security Operations Centers Through University Partnerships

The availability of student workers also helps to fill a government IT skills gap.

Tony Sivore is director of state and local government sales for CDW•G.

When Indiana established a security operations center in 2015, it turned to Purdue University for help. The state and the university already were working together through the Indiana Information Sharing and Analysis Center, and Indiana chose Purdue to host the SOC to share threat information and develop strategies for cybersecurity response.

The SOC “provides real-time network monitoring, vulnerability identification and threat warnings of state government computer systems,” the university says. It is staffed by state employees and Purdue students. Together, they monitor Indiana’s government networks. The students receive placement through the Purdue Pathmaker Internship Program. The program places students, often computer science majors, in entry-level positions in Purdue Research Park, home to the SOC.

The students help resolve low-level issues, according to the university, and they work under the direction of state employee managers. The state employees, who work for the Indiana Office of Technology, deal with high-priority alerts and sensitive information.

Click the banner below to get access to a customized content experience by becoming an Insider.

With this model, Indiana gains valuable resources through qualified assistance in a career field that state governments often struggle to staff. By partnering with a university for its SOC, Indiana taps the school’s resident brainpower and harnesses eager young talent to fulfill a big need. It’s the sort of partnership that goes a long way toward fortifying cybersecurity, while granting important experience to the next generation of security professionals. Experts across the industry agree that it is a powerful tactic.

How State and Local Governments Can Address the IT Skills Gap

The Center for Digital Government recently determined that state and local governments must overcome obstacles to carry out their cybersecurity strategies. In a CDG survey of state and local officials, 46 percent named a lack of a skilled cybersecurity workforce as their top challenge. Forty percent identified challenges with integrating security tools, and 36 percent said they were unable to rapidly respond to threats.

EXPLORE: How state and local governments are keeping the public sector safe.

The National Governors Association is well aware of an IT skills gap among state governments. In 2021, the NGA stood up its latest cybersecurity policy academy, tapping Montana to host sessions on cybersecurity workforce development, which concluded in January.

“The opportunity to collaborate with other states to implement best practices and enhancements to advance our cybersecurity workforce will pay dividends by creating a job pipeline while assuring Montanans their data is protected,” Montana Director of Administration Misty Ann Giles said in a press release.

The opportunity to collaborate with other states to implement best practices and enhancements to advance our cybersecurity workforce will pay dividends by creating a job pipeline while assuring Montanans their data is protected.”

Misty Ann Giles Montana Director of Administration

The Role of Collaboration in Government Cybersecurity

The National Association of State Chief Information Officers recommends greater collaboration between states and public institutions of higher learning to improve government cybersecurity.

In 2020, NASCIO reported that only 24 percent of state colleges and universities collaborate extensively with state governments on cybersecurity; 63 percent reported limited collaboration. Similarly, 27 percent of community colleges reported no collaboration.

REVIEW: Keeping higher education safe in blended learning environments.

In the 2020 report, NASCIO updated a call for states to team with higher education. “CISOs should consider leveraging public-private partnerships and collaborations with local colleges and universities to provide a pipeline of new talent,” NASCIO says in the report. State CISOs should turn to colleges and universities to build this pipeline through internships, co-ops and apprentice programs. They also should work together to improve digital services across states.

How Hands-On Experience Can Strengthen Cybersecurity

In April, the Texas Department of Information Resources said it would set up a regional SOC in partnership with Angelo State University. The SOC will provide real-time network security monitoring in an initiative to detect and respond to network incursions. The regional SOC, or RSOC, will be available to help local counties, municipalities, utilities and other public sector entities with cybersecurity operations.

As Government Technology reports, “While not specifically mentioned in the enacting statute, Senate Bill 475, a crucial element of the RSOC is engaging students to participate in providing RSOC services, giving them valuable hands-on experience while offsetting staffing costs.”

LEARN ABOUT: The best IoT security practices certain states are adopting.

“The RSOC will also offer network security infrastructure that local governments can utilize and give university students hands-on experience to strengthen the cybersecurity workforce of tomorrow,” Angelo State said in a press release.

If successful, Texas will duplicate the RSOC structure across 11 additional districts. It’s a model for every state government to consider.

This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.