The state’s Cyber Operations Center is seeing the benefits of a $15.4 million funding boost. The investment will allow for the hiring of new staff and the deployment of new cybersecurity tools, officials say.
As North Dakota sees new chief information security officer Kevin Ford take the reins, the state's cyberprofessionals are also busy expanding their cyberoperations and capabilities.
With a recent funding boost for the 2019-21 biennium, the North Dakota Information Technology Department will use $15.4 million to expand its Cyber Operations Center (CyOC), adding a host of new toolsets, employing increased contractor support and analysis, and hiring eight new staff members.
Sean Wiese, who is leaving the state CISO position to head the CyOC, said he hopes the center becomes a new model for state cybersecurity, both "strategically and operationally."
To protect the state's data, CyOC's 17 full-time staff members engage in a combination of defensive activities — which focus on identifying and combating incoming threats — as well as proactive, offensive activities aimed at hunting and predicting new threats before they have a chance to take hold.
Currently, the CyOC is responsible for a focused effort to conduct a statewide cybermaturity assessment to measure the level of cyber-readiness of 400+ public entities in the state. That effort is part of a larger initiative, launched by a bill passed earlier this year, to strategically align state government behind a unified cyberposture.
At the same time, the center is also leaning into automation to take care of some of the basic cybersecurity grunt work — a trend, reflected in both the public and private sectors, that streamlines scanning and detection processes to free up human labor for more complex tasks.
"The importance is that for the size of our environment, with 252,000 active devices at any one time, it’s virtually impossible for a group of 17 to defend at the maturity level we aim to provide to the citizens of ND — this is where automation comes in," said Wiese, speaking with Government Technology. "One way to slice through the mountain of log data is to have automated processes, CyBots, if you will, do some of the preliminary work prior to our defense analysts initial triage.
"This work can range from a variety of things, but an example would be to take a reported phishing message that arrives into the CyOC, glean key data points — domain, IP, suspicious keywords — and have our CyBots do the lookups of related information that can add a layer of clarity as the potential level of maliciousness the phishing message presents."
Wiese said the state will also use its funding boost to expand its partnerships with numerous private vendors, including Palo Alto Networks and Microsoft, while also seeking opportunities to collaborate with other state governments, aligning on issues of policy, process, and threat and intelligence sharing.
Looking to the future, Wiese said that he feels the CyOC can help elevate the cybermaturity level of entities across the state.
"We're trying to be the national leaders in this space," he said.