States to get security services to boost cyber info sharing
Source: GCN
The Department of Homeland Security is rolling out a plan to offer
states and territorial government organizations a set of free managed
security services, including intrusion detection and prevention, netflow
analysis and firewall monitoring.
The services will be provided by the Center for Internet Security’s Multistate Information Sharing and Analysis Center
(MS-ISAC), a 24x7 operations center that provides real-time network
monitoring, threat warnings and incident mitigation and response.
The plan is part of a multipronged effort to boost government threat
information sharing and cooperation called for in the National Institute
of Standards and Technology’s Cybersecurity Framework,
a set of voluntary guidelines released by NIST in February to promote
the protection of critical systems and management of cybersecurity
risk.
Phyllis Schneck, DHS deputy undersecretary for cybersecurity for the
National Protection and Programs Directorate (NPPD), said making the
managed services available and adopting the NIST framework a key step
making local government information systems secure.
“The adoption of the framework will encourage longer term risk-based
planning and better security overall – this is a win-win and we are
excited to be able to provide such tactical assistance to our state and
territorial stakeholders,” she said in a recent blog post.
To help promote the use of the NIST framework and coordinate projects
to strengthen information sharing, DHS this February launched the Critical Infrastructure Cyber Community (C3) Voluntary Program, which will help coordinate critical infrastructure operations, DHS said.
In its first year, the C3 Voluntary Program will focus on engaging
with “sector-specific agencies,” including the defense industrial base,
energy and emergency services sectors to adopt the NIST framework.
Later phases of the program will “reach out to all critical
infrastructure (groups) interested in using the framework,” according to
DHS.
The C3 program will also encourage the critical infrastructure
community to “manage cybersecurity as part of an ‘all hazards approach’
to enterprise risk management,” according to DHS.
Posted by GCN Staff on Mar 04, 2014 at 11:48 AM