State CIOs ready plans for security center
- By Dibya Sarkar
- Aug 05, 2002
State chief information officers are putting the finishing touches on a plan to develop a central organization through which states can share information with one another and federal security organizations.
Now in its final draft, the plan includes a request for approximately $25 million in federal funds to help participating states set up offices and develop internal communications for state agencies and first responders.
The Interstate Information Sharing and Analysis Center (ISAC), built on the federal model, would provide aggregate state incident data as well as provide early warnings and notices, officials said.
The center "will allow us to exchange information as well as create intelligence that can be used by both federal and state and even local" officials, said Matthew DeZee, chief information officer for South Carolina and chairman of the security team at the National Association of State CIOs (NASCIO), which is developing the plan.
In a recent case, South Carolina officials realized their systems were being scanned by someone apparently working in Beijing, a breach they were able to stop, DeZee said. At a later meeting with other CIOs, three other states had the same story.
The center could also help participants repair affected systems, develop cybersecurity plans and test new technologies.
Don Heiman, a former CIO of Kansas who recently authored a report that called for better cybersecurity and information sharing among all public-sector levels, said the final draft was "an aggressive proposal."
NASCIO, which published Heiman's report, has been working on such a proposal at least since last fall.
NASCIO also recently announced it would begin sharing information with the FBI's National Infrastructure Protection Center to receive prompt notifications of possible cyber and physical threats to critical infrastructures. It's regarded as a first step toward an Interstate ISAC.
Heiman, who has been at the forefront of the push for state cybersecurity and protection of critical infrastructures, said it will take the leadership of NASCIO, the federal government and the private sector to propel the issue forward.
"The problem that we experience as a state is we're so fractured in [how] we interconnect with the federal government," he said. "Each state agency has their own connection point. And you get into the bureaucracy of the federal government and you get lost in it because you don't have these central overarching directives."
The situation may be changing because of homeland security, Heiman added.
The ISAC likely will involve a project director in the Washington, D.C., area who would oversee the center and work with the appropriate homeland security-related offices there, and someone else to coordinate communications among the states, DeZee said. The ISAC also will have an analytic component to sift through the security data shared by the states, he said.
But for such an ISAC to be effective, it also must include municipal officials, and that is not yet the case, Heiman said (see box).
"We have systems built in the United States, like 511 truck routing systems, that are very, very important to emergency response, and if we forget about emergency response being part of security that's a huge mistake," he said. Local officials "have to be at the table. They absolutely have to be at the table."
John Monroe contributed to this report.