Michigan plans cyber analytics center
- By Matt Leonard
- May 03, 2017
Michigan is looking for new ways to use the state’s data on past cyber attacks to improve its security posture.
Speaking at the April 24 National Association of State CIOs conference, Michigan CIO David Behen said the state is planning to put out a request for proposals for a Cyber Threat Analytics Center.
“We have all of this historical data on cyber, and we have all of the threats and new stuff coming in every day,” Behen told GCN, adding that the goal is "to be able to merge the information from past and present and “use predictive analytics to predict where we think the next attacks will come from or where they will be.”
The new center is distinct from the already-operational Michigan Intelligence Operations Center, a fusion center that is run by the state police and focuses on gathering evidence for law enforcement investigations.
According to Paul Groll, Michigan’s deputy chief security officer, the Cyber Threat Analytics Center will “use feedback from sensors in our civilian network, coupled with threat feeds that we can purchase from vendors and … physical threat modeling” to determine where to look for potential cyberattacks.
The data will come from logs of firewalls, security appliances, intrusion detection devices and other systems with the state government’s network, Groll said.
The information will help the state develop playbooks that will lay out how to respond to different situations.
The plan is to expand data collection beyond government to “more critical verticals” like finance and utilities, Groll said. These industries would provide access to their data and, in return, would have access to the playbooks.
Groll said the state is currently looking for funding for the project and that the release of the RFP will likely have to wait until the of the next fiscal year, which starts in September.
Matt Leonard is a former reporter for GCN.