How one state looks to shared cyber services to defend rural areas
LordHenriVoton/Getty Images
Colorado plans to leverage federal grant dollars to help its smaller communities protect themselves and expand a shared security operations center to track threats.
Colorado is planning to offer shared cybersecurity services to under-resourced government IT departments across the state and expand its cyber operations center to better monitor threats, a top official said this week.
The need for cybersecurity assistance is particularly acute for rural areas, said Trace Ridpath, director of IT governance and cybersecurity in the Colorado Governor’s Office of Information and Technology (OIT). Those municipalities often lack the IT staff and resources to support their own operations, so they outsource that work to vendors, an arrangement that can leave them without adequate incident response plans.
The $1 billion in grants coming from the Cybersecurity and Infrastructure Security Agency for state and local cybersecurity, in particular its requirement that 80% of funding be allocated to local and rural communities, can help get every jurisdiction up to the same standard, Ridpath said.
“It's critically important to get everyone at a baseline competency and awareness of cybersecurity issues,” Ridpath said in a presentation during Nextgov and GCN’s Cyber Defenders event.
Additional funding may come from the legislature, which Ridpath is looking at ways to match federal funds with state grants. Lawmakers want to help local governments with incident detection and response as well as standardizing cybersecurity tools and processes. This “whole of state” approach to cybersecurity would still allow localities to tailor the cybersecurity training and services they receive from the state based on their needs, he said.
“We look at that being a buy-in model where the funding is supplied, and then the county or the rural community has an option or can pick from a list of services … important to them, based on understanding of their needs around cybersecurity,” Ridpath said.
The state also wants to expand its shared security operations center, which Ridpath said he envisions as a public-private partnership with the National Cybersecurity Center (NCC), based in Colorado Springs. The SOC could be housed in the state fusion center or somewhere that would promote a statewide response to cyber incidents.
Colorado also is part of the state-level Joint-Cybersecurity Operations Command Center founded by North Dakota to monitor and respond to regional threats, Ridpath added.
Ridpath noted that the state and its local governments have suffered some “fairly significant ransomware incidents” in recent years and have been “incredibly lucky to not have had more impactful, more debilitating ransomware attacks.” He estimated there are around 8.5 million recordable cyber events a day in Colorado, and with resource constraints it can be difficult to monitor them and respond when needed.
Those constraints will make staffing that shared SOC a challenge, so state officials are already thinking about how to build a pipeline of qualified cybersecurity workers. Colorado has several cyber education initiatives and partnerships with colleges as well as K-12 schools, Ridpath said, with the federal government and private companies playing a role in those initiatives too.
There is a lot of “cross pollination” between those talent development programs, Ridpath added. They can be a catalyst for “sparking that interest” in cybersecurity and help students develop the critical thinking skills they will need to solve problems.
Through the state legislature, Colorado has also established a program to help returning veterans transition into cybersecurity jobs with the state through internships when they leave the armed services. OIT received funding to train eight veterans per year, with the only requirements being an interest in cybersecurity and veteran status.
The veterans in the program spend eight weeks learning in a virtual operations center, then go into the real environment having been trained in areas like monitoring, logging events, alerting suspicious activity and incident response.
Ridpath said Colorado also benefits from the Governor’s Cybersecurity Council, which advises on how best to make use of state and federal dollars for cybersecurity. Composed of public sector representatives as well as business leaders and members of the Colorado National Guard, Ridpath said council members’ subject matter expertise help provide “a force” and “a will” when targeting cybersecurity investments.
NEXT STORY: How to talk to users about cybersecurity