Set on the Port San Antonio campus, the Alamo Regional Security Operations Center has been built to provide public and private partners with 24-hour cybersecurity intelligence. It’s expected to house teams from the city, CPS, San Antonio Water System and VIA Metropolitan Transit. Pending agreements, it also will serve municipal agencies and school districts.
Port San Antonio is set to host a launch event Dec. 10, though it is unknown when operations will begin.
The center is opening as cyberattacks against public and private entities are increasing.
In June, a cyberattack paralyzed Judson Independent School District’s computer, telephone and email services. It took more than a month for authorities including the Texas Department of Information Resources to get the services back online. The district wound up paying nearly $550,000 to keep sensitive information private.
San Antonio and CPS officials say they hope the operations center can help beef up regional internet infrastructure to prevent and respond to such attacks.
“Cybersecurity does not stop at lines drawn on maps,” said Patsy Boozer, the city’s chief security officer. “It is our belief that when our neighboring communities are protected, ( San Antonio) is better protected.”
The concept for the regional center was hatched in 2017 when local leaders in cybersecurity began discussions about getting together to provide defenses for the city and mutual aid for regional municipalities. Last year, the San Antonio City Council approved an agreement with Port San Antonio to lease a 20,000-square-foot space rent-free for 15 years, with a renewal option after five years.
Will Garret, a former cybersecurity director at the San Antonio Chamber of Commerce who’s now vice president and director of cybersecurity development at Port San Antonio, said the city stands amid “unique assets, many of which are critical to national security.” Because of that, he said, there’s been “a lot of thought leadership” by city agencies and academic and private sector entities, many of which are customers of the port, to build systems to combat internet threats.
Statewide center
In a similar vein, the state of Texas has been strengthening cybersecurity operations after a ransomware attack that seized control of 22 city networks in 2019.
Gov. Greg Abbott in June signed Senate Bill 475, a bipartisan measure requiring the Department of Information Resources to establish policies to assist state agencies, cities, tax and appraisal districts, water districts, ports and school districts with cybersecurity.
As in San Antonio, the state department has plans to build a regional operations center and enter agreements with other entities. It also is creating the Texas Volunteer Incident Response Team to respond to cybersecurity threats statewide.
Earlier this week, Nancy Rainosek, the state’s chief information officer, said “ransomware is up exponentially over the past three years and is not limited to government or to Texas.”
“It’s a worldwide issue due to the prevalence of the internet and its integration into our everyday lives and increased sophistication of attackers,” she said. “Attackers are making a business of cyberattacks and are getting paid for their crimes.”
Currently, local municipalities aren’t required to report cyberattacks to the state. Only state agencies, higher education institutions and county election officers are required to report them. A new state law requires the Texas Education Agency to create a system for school districts to anonymously share information on such attacks.
Since 2019, the state has reported being aware of at least 115 ransomware events that affected governmental organizations. There were 39 against independent school districts, 35 against cities, 16 against counties, 15 against state agencies and universities, and 10 against other local entities.
Rainosek said she hopes state and local efforts to build mirroring operational centers will encourage open lines of communication. Boozer, the city’s chief security officer, said the city plans to share information with the state.
UTSA connection
The University of Texas at San Antonio also has a role in the new center.
Over the past five months, Joe Mallen, director of UTSA’s Cyber Range, has been speaking with local leaders to provide training to security analysts who will be staffing the center, and an agreement for 2022 is being finalized. City officials also purchased an annual subscription to the Cyber Range training platform.
Mallen compared the training facility to “a gun range” — where trainees can experience hands-on simulation of real-world cyberattack scenarios.
Boozer said the Cyber Range’s curriculum contract would provide training for the city’s IT Cyber Security Team and regional partners “to enhance skills for collective defense.”
Vic Malloy, a Cyber Range instructor who consults with the nonprofit CyberTexas Foundation, said he cheered the collaboration.
The former National Security Agency chief information officer said cities like San Antonio “are definitely on the heat map because we have large health care and military communities.” To fight against such attacks, the Cyber Range can offer training “to decrease the amount of time it takes to identify, respond and recover from future events.”
The training, he added, will provide the new center’s staffers the opportunity “to fail forward in a secure learning environment.”
“The place not to fail forward is in the industry or education system or government when an alert fires off and you miss that alert or an indication that this is a significant incident that requires your immediate attention,” he said. “It’s better to fail in a learning environment as opposed to failing forward on a mission.”
© 2021 the San Antonio Express-News. Distributed by Tribune Content Agency, LLC.
