The Department of Homeland Security is offering access to free managed security services as part of a renewed push for states to adopt new NIST cybersecurity guidelines.
The Department of Homeland Security is rolling out a plan to offer states and territorial government organizations a set of free managed security services, including intrusion detection and prevention, netflow analysis and firewall monitoring.
The services will be provided by the Center for Internet Security’s Multistate Information Sharing and Analysis Center (MS-ISAC), a 24x7 operations center that provides real-time network monitoring, threat warnings and incident mitigation and response.
The plan is part of a multipronged effort to boost government threat information sharing and cooperation called for in the National Institute of Standards and Technology’s Cybersecurity Framework, a set of voluntary guidelines released by NIST in February to promote the protection of critical systems and management of cybersecurity risk.
Phyllis Schneck, DHS deputy undersecretary for cybersecurity for the National Protection and Programs Directorate (NPPD), said making the managed services available and adopting the NIST framework a key step making local government information systems secure.
“The adoption of the framework will encourage longer term risk-based planning and better security overall – this is a win-win and we are excited to be able to provide such tactical assistance to our state and territorial stakeholders,” she said in a recent blog post.
To help promote the use of the NIST framework and coordinate projects to strengthen information sharing, DHS this February launched the Critical Infrastructure Cyber Community (C3) Voluntary Program, which will help coordinate critical infrastructure operations, DHS said.
In its first year, the C3 Voluntary Program will focus on engaging with “sector-specific agencies,” including the defense industrial base, energy and emergency services sectors to adopt the NIST framework.
Later phases of the program will “reach out to all critical infrastructure (groups) interested in using the framework,” according to DHS.
The C3 program will also encourage the critical infrastructure community to “manage cybersecurity as part of an ‘all hazards approach’ to enterprise risk management,” according to DHS.