Cyber Security Operations Centers (SOCs) and the employees who staff them are often integrated with law enforcement departments, multinational companies and federal agencies. Municipalities employ emergency management personnel and prepare emergency operations centers for weather-related and natural disasters, but not for cyber security. Public sector agencies and K-12 schools rarely designate a Chief Information Security Officer or staff a full-time cyber security operations center, but they should!
School board and town/city council officials need to acknowledge that cybersecurity requires a top-down approach and should not be delegated to the technology director/department without guidance, policy guidelines, accountability and adequate funding. School superintendents, First Selectmen and Mayors don’t want their names, their schools or their towns in a headline story about the latest cyber breach or ransomware attack. Taxpayers, insurance underwriters and auditors will increasingly demand greater accountability for securing assets, protecting personally identifiable information and guaranteeing the service levels of public digital infrastructure.
Why you need a SOC!
The cyber threat crisis is real, but despite the warning signs, many schools and government agencies have no cybersecurity strategy in place. It took mass public shootings to prompt board level policy reviews and investment in securing physical access to our school buildings and public facilities.
Designating a Chief Information Security Officer and a security operations team is a long overdue response to the reality of digital pedagogy, web-based delivery of public services and cyber threats. A physical or virtual SOC may be integrated with existing technology, facilities, operations or curriculum functions and staffed by current personnel. SOCs may also be shared between schools and municipalities with representation from the first responder community; SOCs should be automated and/or outsourced for faster response. While current business and technology personnel are the logical candidates for CISO, key SOC personnel must be equal members of the school or town leadership team.
Silos of Data
Competing firewall, antivirus, intrusion detection, internet filtering, SIEM, 2FA and other security products create silos of complex, uncorrelated data. Detecting potential threats in this hodgepodge of data is the proverbial “needle in a haystack,” often resulting in a sea of false alarms or false positives. By some estimates there are more than 3,000 security product companies, and many “are a feature not a firm. They solve one narrow problem and really should be part of a platform offering a mutually supporting mesh of integrated security products.” See Note 1.
Migrate Now to a Next Generation Security Platform
Today’s attackers don’t just target email accounts or endpoint devices; they use stealth techniques and sophisticated tools to move laterally across networks and organizational units in order to exfiltrate valuable data or compromise network operations. New defensive and automated security platforms incorporating artificial intelligence and machine learning (AI/ML) are increasingly available. Unlike legacy firewall, antivirus or intrusion detection systems, which rely on port blocking or blacklisting known malware, Next Generation security systems using AI/ML ask “is it really you?” and whether the user is trying to do something they have never done before. In other words, is the user’s behavior normal, or does it warrant investigation?
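The two ideas above, pulling events out of separate product silos into one schema and then asking whether a user is doing something they have never done before, can be shown with a small behavioral baseline detector. The following is an added illustration written for this page, not code from any product or from the author; the log lines, user names, product names (a VPN gateway and an application login audit) and the six-hour time-of-day buckets are all constructed for the example.

```python
"""Toy user-behavior baseline detector over events normalized from two log silos.

Added example (not from the original article). Baseline events record what each
user has been observed doing; new events are escalated only when they carry an
attribute (country, application, time-of-day period, ...) that user has never
exhibited. This is the "is the user doing something new?" question, not a
signature or blacklist match.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample lines from two separate products: a VPN gateway ("vpn")
# and an application login audit ("auth"). Each line is "<timestamp> key=value ...".
BASELINE_LINES = [
    ("vpn",  "2024-03-01T08:02:11 user=jdoe src_country=US action=connect"),
    ("auth", "2024-03-01T08:05:40 user=jdoe app=sis result=success"),
    ("vpn",  "2024-03-02T07:58:03 user=jdoe src_country=US action=connect"),
    ("auth", "2024-03-02T08:01:19 user=jdoe app=sis result=success"),
    ("auth", "2024-03-02T08:30:02 user=jdoe app=email result=success"),
    ("vpn",  "2024-03-01T09:11:45 user=msmith src_country=US action=connect"),
    ("auth", "2024-03-01T09:14:10 user=msmith app=payroll result=success"),
]

# Constructed events arriving after the baseline window.
NEW_LINES = [
    ("vpn",  "2024-03-09T03:14:07 user=jdoe src_country=RO action=connect"),
    ("auth", "2024-03-09T03:16:22 user=jdoe app=payroll result=success"),
    ("auth", "2024-03-09T08:03:00 user=msmith app=payroll result=success"),
]

# Keys that identify the event rather than describe behavior; never compared.
IDENTITY_KEYS = ("source", "ts", "user")


def parse_line(source, line):
    """Normalize one key=value log line from any silo into a shared dict schema.

    A derived 'period' attribute (six-hour bucket of the day, "0".."3") lets
    time-of-day be treated like any other behavioral attribute.
    """
    ts_text, _, rest = line.partition(" ")
    event = {"source": source, "ts": datetime.fromisoformat(ts_text)}
    for token in rest.split():
        key, _, value = token.partition("=")
        event[key] = value
    event["period"] = str(event["ts"].hour // 6)
    return event


def build_baseline(lines):
    """Per user, collect every (source, key, value) combination seen in the baseline."""
    seen = defaultdict(set)
    for source, line in lines:
        ev = parse_line(source, line)
        for key, value in ev.items():
            if key not in IDENTITY_KEYS:
                seen[ev["user"]].add((source, key, value))
    return seen


def score_event(baseline, source, line):
    """Return (user, timestamp, novel_attributes); an empty list means 'looks normal'."""
    ev = parse_line(source, line)
    known = baseline.get(ev["user"], set())
    novel = [
        f"{source}.{key}={value}"
        for key, value in ev.items()
        if key not in IDENTITY_KEYS and (source, key, value) not in known
    ]
    return ev["user"], ev["ts"], novel


def review(baseline, lines):
    """Triage new events: only those with never-before-seen attributes are escalated."""
    escalated = []
    for source, line in lines:
        user, ts, novel = score_event(baseline, source, line)
        if novel:
            escalated.append((user, ts.isoformat(), novel))
    return escalated


if __name__ == "__main__":
    base = build_baseline(BASELINE_LINES)
    for user, when, novel in review(base, NEW_LINES):
        print(f"{when} {user}: review -> {', '.join(novel)}")
```

Run stand-alone, it escalates only jdoe's two early-morning events (new country, new application, new time period) and stays silent on msmith's routine payroll login, even though both users touched the same application. A real platform would weight and age these attributes rather than treat every first occurrence as equal, but the correlation step, one schema across silos before any scoring, is what keeps the "needle" findable.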
A Skills Gap
One of the key challenges facing our K-12 schools and municipalities is a shortage of trained security analysts and a growing IT skills gap, especially in cyber security skills. According to a recent Global Information Security Workforce Study, the cybersecurity workforce gap is expected to reach 1.5 million by 2020, with 66% of respondents across all industry categories reporting that they do not have enough workers to address current and future cyber threats.
Consider Managed Security Services
The leadership team in your school or town may choose to staff and manage a SOC locally or contract with a Managed Security Services Provider (MSSP) for a fixed monthly fee. Managed security service providers provide continuity with experienced employees, audited process controls, 24x7 network operation facilities, software tools and the ability to monitor and manage the logical network infrastructure remotely as well as on-site. The MSSP can reduce the time, cost and complexity of event triage, incident investigation and response, and of minimizing false positives.
Take Action NOW
Remember, the cyber threat crisis is real and the time to take action is NOW!
NOTE 1 – The Fifth Domain, by Richard Clarke and Robert Knake, Penguin Press, 2019.