The initiative is early stage but aims to bring robust cyber services to municipalities and local organizations, while also building up the state’s base of cybersecurity talent.
“The big idea that we have right now is to create an SOC that delivers operational cyber services to municipalities, nonprofits [and] small businesses, and is used to train new cyber professionals,” said Peter Sherlock, who is consulting with the MassCyberCenter on the project. “This is very much analogous to the way our great teaching hospitals in the state educate for medicine.”
Massachusetts’ effort stands out for its broad scope, which calls for establishing ranges and SOCs statewide, Sherlock said.
While the initiative is still nascent, Sherlock envisioned that higher ed students might work in the SOCs as a “capstone experience.” Students who train up in the range and reach a certain level of ability could move into internships or employment at the SOC, said Mary Kaselouskas, vice president and chief information officer of Springfield Technical Community College (STCC), one of the participating institutions.
The hope is that students would either remain in that employment or — with real-world experience at the SOC under their belts — find positions at companies in the region. That could address a pain point new graduates frequently encounter: entry-level cyber jobs that nonetheless require several years of experience.
There’s an equity goal as well, Sherlock said: “Anchoring this program in community colleges and state universities really connects us to the communities that haven’t had the opportunity to join this career field,” he said.
WHAT ARE CYBER RANGES AND SOCS?
A cyber range is a “laboratory for cybersecurity,” Sherlock explained. Teams or individual users can practice responding to cyber incidents in the facility, which provides them with a simulated IT environment and “simulated threat actors” that use various technologies to mock-attack the systems, he said.
As such, ranges are a powerful part of cyber education — including for degree and certification programs as well as reskilling and team training programs.
“In a few years, we’re going to wonder how we taught cybersecurity without these things,” Sherlock said.
While ranges support teaching and training, SOCs support active cybersecurity operations. They are central locations for bringing together security systems and information where analysts and other staff can assess for any indicators of potential cyber issues and respond.
“An SOC is really the focal point for an organization’s cybersecurity people, processes and technology,” Sherlock said. “[They’re] the heartbeat of a security operation.”
The complexity and costs of running such operations means that organizations often outsource them, he said. The dynamic nature of these operations also means they’re particularly valuable career experiences for professionals able to land a position at one.
Massachusetts’ initiative looks to address both matters and provide affordable SOC services to communities throughout the state, while expanding SOC employment opportunities for students.
“An SOC is considered one of the best developmental assignments for a new cyber professional,” Sherlock said. “But those assignments are kind of hard to come by.”
“FORCE MULTIPLIER”
Mike Steben, network administrator for the city of Westfield, Mass., said access to an SOC or a cyber range would be “extremely beneficial” to his municipality.
“Try as we might, we simply have no way to provide 24/7 IT coverage using our own resources,” Steben said. “To have the SOC backing up municipal IT operations is invaluable.”
That resource would be “a force multiplier” for his team, which consists of a dozen people about evenly split between municipal and school cybersecurity.
A range, meanwhile, would “provide insight into the tactics, techniques and procedures that threat actors are leveraging against organizations,” giving deeper understanding of the growing risks.
The ranges could potentially also be used by municipalities to test their teams or work with other officials on cyber incident response ideas, while businesses might use them to train employees on new cyber skills, said MassCyberCenter Director Stephanie Helm.
THE PRACTICALITIES
Government entities, colleges and businesses are collaborating to make the project possible, said Sherlock. As part of this, a recently formed nonprofit called Cyber Trust Massachusetts will bring together members of the higher education and business communities into a consortium, facilitating their collaboration.
Schools would run most of the programs, while corporate members are expected to let employees spend some company time helping, he said.
The state is funding the establishment of the SOCs and ranges, Helm said, but Sherlock said the consortium will “be the economic entity that generates funding to support this on a sustainable basis.”
Efforts are still early stage. Cyber Trust Massachusetts recently incorporated, and the higher education institutions slated to host the first ranges and SOCs are at work building out facilities in preparation, according to Helm. STCC and Bridgewater State University are among those campuses.
Sherlock emphasized that things are just getting started.
“It’s going to take us time to ramp this stuff up, because there are some pretty ambitious plans,” Sherlock said. “We will be getting started on both the SOC front and the range front in the coming year.”