Colorado looks to flatten cyber learning curve for elected officials
- By Mark Pomerleau
- Mar 23, 2016
For newly appointed government officials, the cybersecurity learning curve can be straight up. Yet with the growing threat to agency information systems from attackers and the rising stakes associated with successful breaches, getting smart on cyber fast is critical.
Colorado Gov. John Hickenlooper hopes to address that knowledge gap in his state with the new National Cybersecurity Intelligence Center, which will be housed at the University of Colorado at Colorado Springs. The center aims to be the country’s foremost authority on cybersecurity research and development, training and education.
One of the things I was “struck by was that…[elected officials] were woefully ill informed…[on] how many different points of weaknesses there are and how serious the consequences are if one of those points of weaknesses is breached,” Hickenlooper said in a March 21 speech at the Wilson Center in Washington, D.C.
The National Cybersecurity Intelligence Center could be a place where elected officials could come and get a realistic and pragmatic education on cybersecurity and their roles within that environment. “We’re not trying to teach people how to write code…we want to have a place where those individuals can be brought up to speed very rapidly,” he said.
Besides the educational component, the National Cybersecurity Intelligence center will house a “cutting edge” research center where the private sector can invest in startups and a rapid response center.
Hickenlooper described the rapid response center as an independent non-profit, but also a trade association of sorts. “We want to make sure that across industries there’s an availability of immediate, rapid response. And our goal here is to create something where it’s really a non-profit with a dotted line to state government, a dotted line to the federal government but really kind of controlled by private enterprise,” he said.
According to Hickenlooper, many of the larger companies in Colorado have nowhere to turn if they’ve been hacked, except to their vendors. He sees the rapid response center as “an independent safe haven” where companies can get help from a trusted source.
Additionally, the governor described the center as a place where Colorado’s private-sector cybersecurity experts could “spend two months or three months .. and learn the latest of what’s going on but also share their information what they know.”
Colorado’s effort is a great first step, especially if services will be offered to smaller municipalities, Peter Romness, cybersecurity programs lead for U.S. Public Sector at Cisco, told GCN. Ohio and Indiana are taking similar measures to create cyber resource centers and use education centers -- paired with universities -- to build the skills of citizens to create jobs, he said.
Cybersecurity talent has become a bigger talking point among the National Association of State CIOs, Monzy Merza, director of cyber research and chief security evangelist at Splunk, told GCN. According to Merza, one of the biggest challenges in cybersecurity today, especially at the state level, is a dearth of human resources -- and he said that the Colorado initiative could help address this concern.
Similarly, Hickenlooper was hopeful that the incoming chairman of the National Governor’s Association, Virginia Gov. Terry McAuliffe, would make cybersecurity a top agenda item. “Each year a governor can pick a field or a space in which to try and create an impact, and I think it’s a high probability… it’ll be cyber, which again, I think will be good for the country,” he said.
Colorado’s center, which does not officially open until April 1, named retired Army Lt. Gen. Ed Anderson as interim executive director.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.