Cybersecurity partnerships: Strength in numbers
- By Susan Miller
- Mar 22, 2018
As the public sector wrestles with improving cybersecurity, some organizations are pooling their strengths and forming partnerships to better share threat information and provide tactical cybersecurity training to IT staff.
In North Carolina, the Department of Public Safety is partnering with the Department of Information Technology to form the Information Sharing and Analysis Center. Housed in the state's Bureau of Investigation, ISSAC will promote cyber awareness and information sharing, providing actionable cyber intelligence to private- and public-sector partners and citizens.
ISSAC will work with a number of federal, state and local partners including the North Carolina National Guard, Department of Homeland Security, FBI, U.S. Secret Service, Multi-State Information Sharing and Analysis Center, the State Bureau of Investigation and others.
Recent ransomware attacks like the one in Mecklenburg County in December 2017 and another in Davidson County this February highlight the need for a coordinated response to such threats, state officials said.
“This effort will help us to better guard against cyber threats and to increase information sharing of threat vectors and cyber actor actions across multiple state entities and boundaries," N.C. Department of Information Technology Secretary Eric Boyette said. "With the increased coordination and sharing of information will come an increase in the speed with which we can detect, identify and recover from cyber incidents.”
The secure campus enterprise
Cybersecurity information sharing across university enterprise networks will be easier with the launch of OmniSOC, a cybersecurity operations center that will provide real-time intelligence sharing and threat analysis for its five university members. A joint initiative of Indiana University, Northwestern University, Purdue University, Rutgers University and the University of Nebraska-Lincoln, OmniSOC's goal is "to help higher education institutions reduce the time from first awareness of a cyber security threat anywhere to mitigation everywhere for members," according to a news announcement.
Operating out of Indiana University, OmniSOC combines real-time security data feeds from its member campuses with governmental and corporate security subscriptions, and uses that information to identify suspicious and malicious activity, officials said. It then provides rapid incident response based on both human analysis and machine learning.
OmniSOC uses the Elastic Stack security analytics platform, a system for ingesting, correlating and analyzing vast quantities of information to detect cyber threats.
"With tens of thousands of students, faculty and staff, university campuses are really like small cities, with sensitive data and powerful computing systems that are coveted by cyber criminals," Tom Davis, OmniSOC founding executive director and chief information security officer, said in a statement. "While campus-by-campus approaches are essential, they are not sufficient for the sophistication of modern cyber risks."
"Higher education is for the most part an open environment, so we often see cyber crimes that others have not," Purdue University Chief Information Security Officer Greg Hedrick said. "By allowing us to monitor across higher education, OmniSOC helps to improve our capabilities to identify and react more quickly to these bad actors. My hope is that this information can be shared with others outside of our community in order to protect the entire ecosystem."
OmniSOC plans to scale up services and expand its membership to other universities.
Better cyber awareness
To tackle training and education, the University of West Florida's Center for Cybersecurity is partnering with the Florida Agency for State Technology to better prepare state personnel to detect and protect against emerging cyber threats. The program will offer hands-on training and educational courses using face-to-face, online and remote delivery, and will provide competency-based certifications to prepare state personnel for core cybersecurity work roles.
Initial training for IT staff began March 20 at the Florida Department of Revenue, focusing on cybersecurity awareness and fundamentals and will eventually cover cybersecurity incident management, network defense, operating system hardening, risk management, cloud security and other emerging topics.
The Florida Cyber Range and UWF Cybersecurity for All program will be used to provide training. The cyber range is a high-fidelity training environment can emulate the internet, replicate websites, integrate social media and support dynamic interjection of vulnerabilities. The program provides training on emerging topics via an online learning environment, customizable modules and hands-on activities using the cyber range.
“As the threats evolve, we must continue to train our information security and technology resources," AST Executive Director and State CIO Eric Larson said. "We hope our partnership with UWF will serve as a model for other states to not only provide advanced cyber training, but to offer on-going educational opportunities for state employees.”
Rhea Kelly, executive editor at Campus Technology, a sibling site to GCN, contributed to this story.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at email@example.com or @sjaymiller.