California Plans to Launch Information Security Operations Center

California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack.

The proposal is part of a sweeping five-year plan, released Thursday, Nov. 12 by state Chief Information Security Officer (CISO) Mark Weatherford, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals.

The plan calls for creating a California Information Security Operations Center (CA-ISOC) that would provide real-time detection of cyber-attacks and security intrusions across all state government agencies. The center also would support local government networks that need assistance.

The CA-ISOC would watch for attacks on the state government's critical information infrastructure, including attempts to disrupt automated control networks for dams, power plants and other physical facilities. The plan also envisions creating a California Computer Incident Response Team that would work in concert with the state's Emergency Management Agency and Fusion Center, as well as the U.S. Department of Homeland Security.

"The challenges of cyber-security have been referred to as a 'Perpetual Arms Race, between hackers and criminals on one side and enterprises and governments on the other side.' In California, we are confronting the challenges in a coordinated and efficient fashion that will increase protections for the citizens and businesses of this state," said Weatherford, in a statement announcing the plan.

A California First

Weatherford's new statewide information security plan is the first ever developed for California state government, and it represents a significant milestone for the CISO, given the sprawling nature of California state government and the size and independence of its state agencies.

In an interview with Government Technology earlier this year, Weatherford said California state agency CIOs needed an enterprise security strategy to help guide their efforts. "Agency CIOs tell me that's what would help them the most -- consistent policies that let them know the direction the state is heading and what's expected of them," he said.

Weatherford's office conducted interviews and workshops with more than 200 state agency CIOs, CISOs and IT professionals to create the strategic plan. The plan includes five broad goals:

• creating a digital infrastructure that is resilient, secure and trustworthy;
• making Internet use a safer experience for Californians;
• creating a secure, trustworthy digital identity for every California citizen;
• using security as an enabler of more efficient technology; and
• implementing security that enhances collaboration and delivery of services.

Video: California CISO Mark Weatherford discusses social networks and other security challenges.