DHS Offers Incentive to Adopt Framework
States Could Qualify for Free IT Security Managed Services
The Department of Homeland Security is offering managed cybersecurity services free of charge as an incentive to get financially strapped local, state and territorial governments to adopt the cybersecurity framework.
DHS will pay for services that would be provided by the Multi-State Information Sharing and Analysis Center. In revealing the new program during a Feb. 25 presentation at the RSA Conference 2014, DHS Deputy Undersecretary Phyllis Schneck did not disclose the program's cost, but said it would come out of the department's budget.
"Our state and local governments protect and enable citizens and critical infrastructure and often don't have a lot of budget," Schneck says in an interview with Information Security Media Group. "We want to make sure they have the best cybersecurity in conjunction with adoption of the cybersecurity framework. The combination of the policy guidance and the managed services will improve the security posture of our state and local governments, which is key to our nation's cybersecurity and infrastructure resilience."
The managed services to be offered will include intrusion detection, intrusion prevention and firewall and network traffic monitoring.
Schneck, the highest-ranking DHS cybersecurity official, says the services provided by the MS-ISAC do not change the local and state governments' abilities to govern their own networks. "It's simply great security free of charge in conjunction with their adoption of the cybersecurity framework," she says.
Risk Management
Another DHS official tells Information Security Media Group that the agency is encouraging local and state governments that will use the managed services to continue participation in the Critical Infrastructure Cyber Community program, known as C³, or C-cubed. C³ aims to support industry in increasing cyber resilience, increase awareness and encourage organizations to manage cybersecurity as part of an "all hazards" approach to enterprise risk management.
The National Institute of Standards and Technology earlier this month unveiled its long-awaited cybersecurity framework, which provides best practices for voluntary use in all critical infrastructure sectors. President Obama in 2013 issued an executive order that called on NIST to collaborate with the private sector to develop IT security best practices that critical infrastructure providers could voluntarily adopt.
MS-ISAC, a unit of the not-for-profit Center for Internet Security, provides two-way sharing of information and early warnings on cybersecurity threats and furnishes a process to gather and disseminate information about cybersecurity incidents.