States Build Security Operations Centers Through University Partnerships
When Indiana established a security operations center in 2015, it went to Purdue University for help. The state and the university were already working together through the Indiana Information Analysis and Exchange Center, and Indiana chose Purdue to host the SOC to share information on threats and develop cybersecurity response strategies.
The SOC “provides real-time network monitoring, vulnerability identification and threat warnings from state government computer systems,” the university says. It is made up of state employees and Purdue students. Together, they control Indiana’s government networks. Students receive internships through the Purdue Pathmaker internship program. The program places students, often specializing in computer science, in entry-level positions at Purdue Research Park, the SOC headquarters.
Students help solve low-level problems, according to the university, and work under the direction of state employee managers. State employees, who work for the Indiana Technology Office, handle high-priority alerts and sensitive information.
Click on the banner below to access a personalized content experience by becoming an Insider.
With this model, Indiana obtains valuable resources through skilled assistance in a career field that state governments often struggle to get staff. By partnering with a university for its SOC, Indiana leverages the intellectual capacity of school residents and harnesses young talent eagerly to meet a great need. It is the kind of partnership that goes a long way in strengthening cybersecurity, while providing important experience to the next generation of security professionals. Experts from across the industry agree that it is a powerful tactic.
How state and local governments can address the IT competency gap
The Center for Digital Government recently determined that state and local governments must overcome obstacles to pursuing their cybersecurity strategies. In a CDG survey of state and local officials, 46 percent cited the lack of skilled labor in cybersecurity as their main challenge. 40% identified challenges with the integration of security tools and 36% said they could not respond quickly to threats.
EXPLORE: How state and local governments keep the public sector safe.
The National Association of Governors is well aware of the lack of IT skills among state governments. In 2021, the NGA launched its latest academy of cybersecurity policies, using Montana to host sessions on the development of the cybersecurity workforce, which concluded in January.
“The opportunity to collaborate with other states to implement best practices and improvements to advance our workforce in cybersecurity will pay dividends by creating a portfolio of jobs while ensuring that your data is protected “Misty Ann Giles, Montana’s director of administration, said in a press release.
The role of collaboration in government cybersecurity
The National Association of Heads of State Intelligence recommends greater collaboration between states and public higher education institutions to improve government cybersecurity.
In 2020, NASCIO reported that only 24% of state colleges and universities collaborate extensively with state governments on cybersecurity; another 63 percent reported limited collaboration. Twenty-seven percent said they did not cooperate.
REVIEW: Maintain secure higher education in blended learning environments.
In the 2020 report, NASCIO updated a call for states to collaborate on higher education. “CISOs should consider leveraging public-private partnerships and collaborations with local colleges and universities to offer a portfolio of new talent,” NASCIO says in the report. State CISOs should turn to colleges and universities to build this pipeline through internships, cooperatives, and apprenticeship programs. They should also work together to improve digital services in the states.
How hands-on experience can strengthen cybersecurity
In April, the Texas Department of Information Resources said it would establish a regional SOC in collaboration with Angelo State University. The SOC will provide real-time network security monitoring in an initiative to detect and respond to network intrusions. The regional SOC, or RSOC, will be available to assist local counties, municipalities, utilities and other public sector entities with cybersecurity operations.
As Government Technology reports, “While not specifically mentioned in the enacting statute, Senate Bill 475, a crucial element of the RSOC is to involve students in participating in the provision of RSOC services, giving- a valuable practical experience while offsetting staff costs “.
LEARN ABOUT: The best IoT security practices that are being adopted by certain states.
“The RSOC will also provide a network security infrastructure that local governments can use and provide college students with hands-on experience to strengthen tomorrow’s cybersecurity workforce,” Angelo State said in a press release.
If successful, Texas will double the RSOC structure in 11 additional districts. It is a model that all state governments must consider.