Paul Baltzell talking with students at Purdue University in West Lafayette, Indiana. Photo Credit: Graig Lubsen, Communications & Marketing Director, Indiana Office of Technology
Indiana state government is building a new Security Operations Center (SOC) to be housed at Purdue University in West Lafayette, Ind. The new security center, which will be called the Indiana Information Sharing & Analysis Center or IN-ISAC for short, is a central piece of Gov. Mike Pence’s cybersecurity upgrade plan that is being implemented over the next two years.
The new IN-ISAC will monitor and defend state systems and networks from cyberattacks and the new generation of cyberthreats faced by global governments. It will also help Indiana recruit and retain top young talent in the field of cybersecurity.
According to Indiana Chief Information Officer (CIO) Paul Baltzell, “The IN-ISAC will bring together Indiana state government network and security staff, our Indiana State Police Fusion Center, Indiana National Guard expertise, Purdue University security personnel and students as well as private sector experts from companies like Cisco and McAfee. We have developed a comprehensive cybersecurity upgrade plan covering all aspects of how we deliver services to the citizens of our great state.”
The overall security plan includes projects to improve and upgrade patch management, accelerate application migration off of end-of-life technology systems, provide enhanced outbound network traffic monitoring, provide computer network segmentation, enhance security awareness training, strengthen Indiana’s cloud computing options, as well as offer integration between the state of Indiana’s Network Operations Center (NOC) and the Security Operations Center (SOC).
Indiana CIO Paul Baltzell and Chief Information Security Officer (CISO) Tad Stahl are leading this upgrade to Indiana’s overall security programs, with an additional $25 million investment requested in the 2015-16 biennium budget, which requires legislative approval.
One major benefit of this new plan is the opportunity to build a pipeline of students who can enter government and gain experience in cybersecurity activities while still in school. Another benefit is the unique public-private partnerships which will allow private-sector companies to assist the state in staying current in the latest cyberstrategies and secure network architectures.
The students will be primarily used in a monitoring capacity, but there will be new opportunities for gaining experience in cyberforensics and network management as well.
Pending financing, the IN-ISAC is currently slated to open in September of this year.
Analysis of the IN-ISAC Announcement Breaking News
As far as I can tell, this unique strategy is the first comprehensive approach to cyberdefense in the nation that cuts across state and local government as well as Indiana’s public universities, while bringing in leading private-sector partners to assist. While several other states have announced (and even implemented) top cybertraining programs for their public and private sectors, the IN-ISAC will also integrate daily operations and real-time incident response to cyberevents from multiple business sectors.
This impressive plan brings together some of the best minds in the country from Purdue University’s excellent Cyber Forensics Lab and Purdue’s graduate programs in information assurance. Purdue University had been known as a leader in cybersecurity, with Eugene H. Spafford being recognized as a national expert in cybersecurity research.
According to Purdue’s website:
Dr. Spafford's current research interests are focused on issues of computer and network security, cybercrime and ethics, technology policy, and social impact of computing. He is the founder and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). This university-wide institute draws on expertise and research across many of the academic disciplines at Purdue.
Here is a brief video of Spafford at a CERIAS Symposium in 2014.
The timing of this announcement could not be better. With the Sony breach in December and the Anthem data breach just announced this week, the global attention on this topic of cybersecurity has never been higher. Also, the dialogue and showcase of workable solutions is about to ensue at the Cybersecurity Summit at Stanford University in California scheduled for next Friday.
In my view, this Indiana approach shows that Gov. Pence is serious about tackling the growing cyberchallenges by enabling the resources required to build a comprehensive and effective approach to cyberdefense. Indiana government leadership is rightly seeing this as a long-term strategic challenge and also an opportunity that includes building the needed workforce to defend and maintain government networks.
This blogger sees Indiana’s comprehensive strategy for government cybersecurity as a positive step forward and an excellent example for other states to follow.