What is a Regional Security Operations Center (RSOC)?
As a specialized SOC, the RSOC focuses on the needs of a specific geographical region. It typically provides cybersecurity services to local, regional and state entities, often offering real-time monitoring, alerts and incident response.
The University of South Carolina Aiken, for example, operates an RSOC that partners with small and midsized governments and municipalities. And the Bay Area Urban Areas Security Initiative’s Cyber Resilience Work Group has been exploring the idea of regional security cooperation.
The leading operational example comes from Texas, where DIR partners with public universities to help local governments address cyberthreats.
“We’ve got over 5,000 local government entities out there across the state. Many of them are under-resourced,” says Texas DIR Chief AI and Innovation Officer Tony Sauerhoff. An RSOC brings new muscle to the fight “quickly and most efficiently.”
Why Do RSOCs Matter for State and Local Government?
For state and local governments, data drives the need for an RSOC: Bad actors want it, and states have it in abundance.
“Data is absolutely the most desirable commodity in today’s digital world, and the state and local governments have everyone’s data in some form or fashion, stored somewhere on their networks,” Ruiz says.
A number of technologies come together to deliver cyber capabilities within the RSOC, starting with endpoint detection and response, along with network detection and response. “Those are going to be the bread and butter of an RSOC,” he says.
The RSOC may also leverage tools that support “credential monitoring on the dark web,” he says. “That’s important because credentials are the most sought-after item asset that threat actors look at. They purchase it daily.”
Artificial intelligence may factor in as well: An RSOC may, for example, implement a user-centric machine learning framework for the cyber SOC. “For local government, the ability for AI to ingest data, correlate it, analyze it very quickly and then reduce false positives is a huge force multiplier,” Ruiz says.
In the Texas RSOC, the collaborative cyber effort requires “a combination of endpoint detection and response, along with network detection response, and then that’s all fed back into security information and event management, where they’re able to do correlations based on any indicators of compromise,” Wilson says.
Ticketing and tracking systems then help municipalities to collaborate. “Information sharing is a big part of it, and that goes in both directions,” Sauerhoff says. “When IOCs are discovered in one region, those things can help to prevent attacks in other regions of the state, or at the state level itself as well.”
Can an RSOC Help Governments Facing Limited Resources?
Local governments today face dwindling federal funds and have largely said goodbye to post-pandemic revenue surpluses. In these times of budgetary constraint, RSOCs can play a pivotal role.
Faced with tight budgets, “many local governments don’t have the ability to hire specialized cybersecurity staff. The RSOC brings that specialized talent,” Ruiz says.
Along with talent come the skills to access cutting-edge tools.
“A local government is not going to have the purchasing power that an RSOC has — and the RSOC has field tested these tools,” Ruiz says. “That makes the RSOC model one of the best ways to achieve scale in areas where local governments and even states might not be able to do it on their own.”
In addition to following the model of a state-run RSOC, regions can also stand up a “managed RSOC,” operated by a third-party solutions provider. This requires identifying a vendor that can pair robust cyber solutions with a strong understanding of state and local operations.
In Texas, the state manages the RSOC in partnership with regional universities. This approach brings added benefits in terms of workforce development.
“All of these students go work in the RSOCs and they get trained up to then go fill either private sector roles or roles across local and state government,” Wilson says.