In the world of government, cybersecurity innovations can prove particularly difficult to implement. That’s why it’s so important to have strong, focused leaders on the innovation side of things.
The annual National Association of State Chief Information Officers (NASCIO) conference, held last month in Austin, Texas, brought together some of the top minds in government cybersecurity technology. Among those was Rajiv Das, Michigan’s Chief Security Officer, who chatted with GovLoop about what the state’s been up to, and what it’s planning for the future.
1. Build out Michigan Cyber Civilian Corps (MiC3)
Among Michigan’s top current priorities is the Michigan Cyber Civilian Corps (MiC3), an initiative announced by Gov. Rick Snyder in 2013. The corps consists of volunteer cybersecurity experts standing by to respond in the case of an attack on the state’s systems, something procedurally similar to a volunteer fire department.
Each MiC3 applicant must satisfy a set of requirements before being accepted. First, an individual must have at least one major certification in a core security competency, and they should have at least two years of hands-on cybersecurity experience in a relevant job.
If they satisfy these parts of the application, they’re then asked to take a series of online tests to prove comprehension of networking and security concepts. If they pass four of the five, they’re offered membership, which comes with a .gov email address and an impressive amount of training resources. As of the NASCIO conference in early October, MiC3 had 64 members. But it’s hoping to bump that number to 200 by the end of 2018 — a goal Michigan is pursuing “aggressively,” Das explained.
“That’s one of our major projects,” he said.
2. Continue to seed chief information security officer (CISO)-as-a-service program
Michigan has also dedicated resources for a chief information security officer (CISO)-as-a-service program for its local governments. It’s provided seed money to kickstart the initiative, but Das said the state expected smaller governments to have a workable model implemented in the next year or year and a half.
“This is a win-win situation because of the infrastructure,” Das said at NASCIO. “If the local governments are cyber safe, we are cyber safe.”
3. Enhance cyber analytics database
For 2018, Michigan wants to focus on cyber analytics. In initial phase plans, it will work with Michigan State Police and the National Guard to collect and process data. In later phases, it will look to include private partners, like those in healthcare, finance and critical infrastructure.
Aggregating these data sets in a "cyber hub" will help the state stay ahead of its vulnerabilities, Das said. With the information, cybersecurity personnel can pinpoint problem areas before they’re exploited, taking preventative measures to bolster defenses.
“Instead of being a reactive role, if we can go and find the problem beforehand, I think we will be in much better shape,” Das said.