California's Proactive Approach to CyberthreatsMark Weatherford on State Cybersecurity Integration Centers
The creation of the California Cybersecurity Integration Center demonstrates that the state is taking a proactive approach to securing its digital assets, says Mark Weatherford, a former California state chief information security officer and onetime Department of Homeland Security deputy undersecretary for cybersecurity.
"It's important from a visibility perspective because it shows that California is actually leaning forward here and chooses to be proactive instead of reactive," Weatherford says in an interview with Information Security Media Group. Being reactive, he says, "is inherently bad in our business because it means something bad has already happened. Having the center will provide the kind of visibility to the threat environment that doesn't exist today."
Gov. Jerry Brown on Aug. 31 signed an executive order establishing the California Cybersecurity Integration Center, known as Cal-CSIC, that will be responsible for strengthening the state's cybersecurity strategy and improving inter-agency, cross-sector coordination to reduce the likelihood and severity of cyber-attacks. Cal-CSIC will work closely with DHS's National Cybersecurity and Communications Integration Center with the aim to facilitate a more integrated approach to cyberthreat information sharing. >
In the interview, Weatherford:
- Questions why Brown, in issuing the executive order that establishes the integration center, decided to locate the center in the Office of Emergency Services rather than the Department of Technology, which is headed by the state CIO;
- Explains why few other states have set up cyberthreat information sharing centers; and
- Discusses the challenges states face in finding skilled technologists and analysts to staff cybersecurity integration centers.
Weatherford is a principal at the security consultancy The Chertoff Group and advises clients on cybersecurity and risk management matters. He's a founding member of the CyberCalifornia Board of Advisers. Weatherford is the former state CISO of California and Colorado and served as vice president and chief security officer at the North American Electricity Reliability Corp. before joining DHS as deputy undersecretary for cybersecurity. A retired Navy captain and cryptologic officer, Weatherford led the Navy's computer network defense operations and Naval Computer Incident Response Team.