America’s state and local government cybersecurity leaders are preparing to gather in Nashville, Tenn., in early October for the first MS-ISAC Annual Meeting in more than two years. (Note: Last year’s meeting was canceled due to Department of Homeland Security (DHS) budget issues with sequestration.)
There is plenty to discuss and act upon.
Never in the brief history of cyberspace has there been a time with such an explosion of new innovative business opportunities but increasing number cyberthreats facing organizations at the same time. Not only are the bad guys (such as organized crime, nation-state actors, and insider threats) getting more dangerous, the breadth and depth of cyber problems can cause a sense of hopeless inevitability regarding the topic of breaches that affect both sensitive data and critical infrastructure.
The need for more robust partnerships, real-time coordination and practical security answers has never been greater for all levels of government. What has become very clear over the past few years is that any public- or private-sector organization that tries to address cybersecurity threats alone is bound to fail. Thus, the need for collaboration, coordination and information sharing is vital to defend critical assets from sophisticated cyberattacks.
Outside Albany Airport
I traveled to New York this past week on business, and I was able to visit the MS-ISAC headquarters in person, which is part of the non-profit Center for Internet Security. It was a beautiful mid-September day outside Albany, and the pictures you see in this blog are intended to show the great working atmosphere and impressive facilities that in place for this important task of guiding and supporting state and local government cybersecurity coordination across America.
But what impressed me the most were the outstanding staff and information assurance expertise on display. The facility is collocated with other New York state government law enforcement capabilities, and the synergy and professionalism were obvious. The 7x24 Security Operations center (SOC) and the coordination between various cybersecurity functions demonstrated best practices and an attention to detail that is necessary for such an important task.
The Leaders (left to right): Laura Iwan, Julie Evans, Will Pelgrin and Mike Aliperti
On a personal level, it was great to see the MS-ISAC operations in person for the first time – after working closely with its teams as Michigan’s cybersecurity leader for almost a decade. It has established numerous outstanding programs, such as state and local response to cyber incidents, tailored toolkits to support National Cyber Security Awareness Month and the national CISO mentoring program. Needless to say, I was very impressed with the visit.
Outside Entrance to Center for Internet Security (CIS)
An Overview of the MS-ISAC
The growth and maturity of the Multi-State Information Sharing & Analysis Center (MS-ISAC) over the past 11 years is truly a remarkable story.
You may wonder: What does the MS-ISAC actually do?
You may think of the MS-ISAC as similar to the US-CERT, except that it coordinates action amongst federal, state and local entities. The DHS has named the MS-ISAC as the ISAC for state, local, tribal and territorial (SLTT) governments. (There are also ISACs for the Financial Sector, IT-Sector and many other areas.)
The MS-ISAC website lays out its mission and these objectives:
· Provide two-way sharing of information and early warnings on cyber security threats.
· Provide a process for gathering and disseminating information on cyber security incidents.
· Promote awareness of the inter-dependencies between cyber and physical critical infrastructure as well as between and among the different sectors.
· Coordinate training and awareness.
· Ensure that all necessary parties are vested partners in this effort.
The national cyber alert map at the MS-ISAC website provides the cyber status of different states from all over the USA. In addition, the National Webcast Initiative provides excellent information on a wide variety of information security topics and opportunities for governments to solve pressing issues.
Monthly member-only calls provide the backbone of MS-ISAC activity, with sub-committees providing updates on numerous new initiatives as well as standing operational topics. Special calls are set up at times when significant threats face governments and immediate action is needed.
The Upcoming 2014 Annual Meeting
Almost 300 federal, state and local government cybersecurity leaders are expected to converge on Nashville in the biggest MS-ISAC Annual Meeting ever. And the audience will look dramatically different than even a few years ago. Yes, state CISOs, security directors and some of the senior security deputies will be in attendance. But this year’s meeting will also include more than 70 cyber experts from state and major urban area fusion centers. In addition, many more local governments have joined the MS-ISAC, bringing nationwide membership into the thousands of government organizations.
The annual meeting will start with a bang, as a joint meeting of diverse groups will kick-off the 2014 version of National Cyber Security Awareness Month (NCSAM). The Oct. 1 events will also include The National Association of State CIOs (NASCIO), The National Cyber Security Alliance (NCSA) – who run StaySafeOnline.org and many other public- and private-sector organizations.
Topics covered at the MS-ISAC Annual Meeting will include the status of various security services provided by the MS-ISAC, significant updates on global cyberthreats, new projects that can assist state and local governments regarding awareness campaigns and much more. Federal and nonprofit partners will also offer presentations at the meeting.
And the best part is the networking and personal relationships that are built across state lines. It is essential to build trusted partnerships and connections for security leaders to engage prior to incidents hitting their governments. These relationships prove invaluable during a cybersecurity emergency.
The last MS-ISAC Annual meeting was held in Atlanta in 2012, and you can learn more about that last meeting here.
A Brief History of the MS-ISAC
All emergencies are local. Even cyber-emergencies.
Will Pelgrin, who is the president and CEO of the Center for Internet Security and chair of MS-ISAC, realized the importance of state and local government coordination on information security matters back in 2003. Will understood that cyberdefense on an island will fail, and his founding vision was to establish coordination amongst state government chief information security officers (CISOs) and other cyber leadership officials.
The MS-ISAC quickly got the support of the DHS and other federal and nonprofit organizations. Over time, all states joined the MS-ISAC, but local governments remained separate and received cyber information via their state CISOs in state-specific ISACs.
MS-ISAC & Center for Internet Security (CIS) Senior Staff
As cyberthreats grew over the past few years while state resources to support local governments remained relatively low, the MS-ISAC started to allow local governments to join the MS-ISAC directly. In addition, fusion centers and other government entities started to join as well as the benefits of MS-ISAC information became more apparent. The MS-ISAC started to also work with the Governor-appointed Homeland Security Advisors in the states.
Governance is provided by an MS-ISAC Executive Advisory Board, which is voted upon by member organizations from state, local and tribal governments, and the board helps steer the future direction of the MS-ISAC. Federal partners are also very active with the MS-ISAC.
Some of the organizations that work closely with the MS-ISAC include the DHS, various law enforcement agencies such as the FBI, National Institute of Standards and Technology (NIST), the National Governors Association (NGA), the State, Local, Tribal and Territorial Government Coordinating Council, the White House and others.
Challenges Ahead – But Failure Is Not An Option
There is no doubt that the cybersecurity challenges ahead for state and local governments are immense. In discussions during my visit this week, it is clear that many state, local and tribal governments are still struggling with implementing the most basic elements of the Cybersecurity Framework released earlier this year by NIST.
In addition, even the governments that are implementing security will need to raise their game and become more effective in successfully detecting, responding to and recovering from cyberattacks in a repeatable way. There is a new approach coming with a push regarding cyber hygiene for the nation that will be very important.
So what can you and your government do now?
First, attend the MS-ISAC Annual Meeting in Nashville. When I was the CISO and later the CSO in Michigan, I always found these meetings to be the highlight of the year for state and local government cybersecurity engagement. You will learn a ton, and your government will improve in cyberdefense as a result of your active participation. At the meeting, ask for help, and you will gain more than you invest.
Second, report significant cyber incidents in your government. Working with other experts can help to provide essential services – many of which are free to state and local governments thanks to DHS funding for the MS-ISAC.
Third, coordinate and partner with the MS-ISAC on a wide variety of levels to improve your program. Whether you are CISO, fusion center analyst or just a one-person information technology shop in a small local government, you can benefit by working with the MS-ISAC to improve all aspects of your security program.
Remember, if you are trying to secure your infrastructure and sensitive data as an “organizational island” you will fail. Partnership with a sector-specific ISAC is no longer optional. It’s a matter of cyber life and death. You can’t do this alone.
My final recommendation: If you are not in government-related work, join your sector-specific ISAC.
If you are in a state, local or tribal government join the MS-ISAC and become engaged.
Note: All photos taken by Dan Lohrmann, unless otherwise noted.