Paul Baltzell talking with students at Purdue University in West Lafayette, Indiana. Photo Credit: Graig Lubsen, Communications & Marketing Director, Indiana Office of Technology
Indiana state government is building a new Security Operations Center (SOC) to be housed at Purdue University in West Lafayette, Ind. The new security center, which will be called the Indiana Information Sharing & Analysis Center or IN-ISAC for short, is a central piece of Gov. Mike Pence’s cybersecurity upgrade plan that is being implemented over the next two years.
The new IN-ISAC will monitor and defend state systems and networks from cyberattacks and the new generation of cyberthreats faced by global governments. It will also help Indiana recruit and retain top young talent in the field of cybersecurity.
According to Indiana Chief Information Officer (CIO) Paul Baltzell, “The IN-ISAC will bring together Indiana state government network and security staff, our Indiana State Police Fusion Center, Indiana National Guard expertise, Purdue University security personnel and students as well as private sector experts from companies like Cisco and McAfee. We have developed a comprehensive cybersecurity upgrade plan covering all aspects of how we deliver services to the citizens of our great state.”
The overall security plan includes projects to improve and upgrade patch management, accelerate application migration off of end-of-life technology systems, provide enhanced outbound network traffic monitoring, provide computer network segmentation, enhance security awareness training, strengthen Indiana’s cloud computing options, as well as offer integration between the state of Indiana’s Network Operations Center (NOC) and the Security Operations Center (SOC).
Indiana CIO Paul Baltzell and Chief Information Security Officer (CISO) Tad Stahl are leading this upgrade to Indiana’s overall security programs, with an additional $25 million investment requested in the 2015-16 biennium budget, which requires legislative approval.
One major benefit of this new plan is the opportunity to build a pipeline of students who can enter government and gain experience in cybersecurity activities while still in school. Another benefit is the unique public-private partnerships which will allow private-sector companies to assist the state in staying current in the latest cyberstrategies and secure network architectures.
The students will be primarily used in a monitoring capacity, but there will be new opportunities for gaining experience in cyberforensics and network management as well.
Pending financing, the IN-ISAC is currently slated to open in September of this year.
Analysis of the IN-ISAC Announcement Breaking News
As far as I can tell, this unique strategy is the first comprehensive approach to cyberdefense in the nation that cuts across state and local government as well as Indiana’s public universities, while bringing in leading private-sector partners to assist. While several other states have announced (and even implemented) top cybertraining programs for their public and private sectors, the IN-ISAC will also integrate daily operations and real-time incident response to cyberevents from multiple business sectors.
This impressive plan brings together some of the best minds in the country from Purdue University’s excellent Cyber Forensics Lab and Purdue’s graduate programs in information assurance. Purdue University had been known as a leader in cybersecurity, with Eugene H. Spafford being recognized as a national expert in cybersecurity research.
According to Purdue’s website:
Dr. Spafford's current research interests are focused on issues of computer and network security, cybercrime and ethics, technology policy, and social impact of computing. He is the founder and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). This university-wide institute draws on expertise and research across many of the academic disciplines at Purdue.
Here is a brief video of Spafford at a CERIAS Symposium in 2014.
The timing of this announcement could not be better. With the Sony breach in December and the Anthem data breach just announced this week, the global attention on this topic of cybersecurity has never been higher. Also, the dialogue and showcase of workable solutions is about to ensue at the Cybersecurity Summit at Stanford University in California scheduled for next Friday.
In my view, this Indiana approach shows that Gov. Pence is serious about tackling the growing cyberchallenges by enabling the resources required to build a comprehensive and effective approach to cyberdefense. Indiana government leadership is rightly seeing this as a long-term strategic challenge and also an opportunity that includes building the needed workforce to defend and maintain government networks.
This blogger sees Indiana’s comprehensive strategy for government cybersecurity as a positive step forward and an excellent example for other states to follow.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.