Iowa offers public-sector network clients a la carte security services
Connecting state and local government leaders
To underscore the need for upstream cybersecurity, the Iowa Communications Network is offering its offering clients a free, extensive threat assessment.
Iowa has long been ahead of the curve in delivering affordable network services to the public sector. Nearly 25 years ago, the state established the Iowa Communications Network – as both an executive branch agency and a certified telecommunications broadband carrier -- to deliver reliable network connectivity to government, public safety, education and health care clients.
And now ICN is serving as a middleman between private-sector security companies and its clients, offering an array of a la carte security services. To highlight the need for enhanced security, the agency recently announced that it was offering clients a free, extensive cyber threat assessment test.
Specifically, ICN will use a Fortinet FortiGate firewall to monitor clients’ networks. After several days of collecting data, the agency will issue a report on security and threat prevention, user productivity (use of social media and messaging), and network utilization and performance.
“The security testing, products and services that we are offering [will] identify security threats and risks,” said Ryan Mulhall, ICN’s security services officer. “We are looking to create a proactive intelligence-driven carrier network environment that provides relevant products and services to our customers, hopefully at economies of scale that they can afford."
"Eighty-five percent of our customer base is education," he added, "which generally does not have a lot of money.”
Even though it is a state agency, ICN doesn’t receive appropriations from the state. “We run strictly on revenue,” said Mulhall. Trying to strike a balance between being an agency and being a business is, he said, “always fun.”
When ICN started in the mid-1990s, it was simply a video distance-learning network, a way to connect classrooms. As it matured, it began offering more internet services. “As we started seeing bandwidth as more of a commodity, we have started to evolve other relevant services,” Mulhall said. “Security was a natural fit.”
ICN launched a managed firewall service in March 2017. And last September, it introduced BoronDDoS, a service providing protection against distributed denial of service attacks. “The best place to mitigate a DDoS attack is upstream at the internet service provider level,” Mulhall said.
According to Mulhall, all the other security products offered by ICN are managed with outside contractors. The network's public-sector clients get the benefit both of ICN’s screening and selection of those products as well as some economy of scale. “They can generally buy almost any service from us without having to go to an RFP or another kind of proposal,” he said.
According to Mulhall, the feedback ICN has received, especially from educational organizations, has been very positive. “I think the greatest concerns that they have is that they don't know what they don't know,” he said. “They don't have dedicated security personnel, so they don't really know where to start. A lot of the school districts have instructional technology teachers who are PE teachers that manage their technology.”
As a result, serving educating clients is an important part of what ICN does. According to Mulhall, the agency sends “area education aides” to meet with organizations technology directors as well as to education tradeshows in the state. And, of course, it offers free security assessments.