New Jersey opens recruitment for volunteer cyber corps
After many years of wanting a volunteer corps of cybersecurity experts, New Jersey state officials on Wednesday announced they’ve finally begun recruiting for one.
Michael Geraghty, who’s been serving as New Jersey’s chief information security officer since 2017, said that soon after he started the job that year, he registered a domain name (a .org), in hopes of creating the state cyber corps — “I realized that we needed help, as far as helping others with cybersecurity.” It wasn’t until this year that the corps, and its website, managed to materialize.
New Jersey’s cyber corps will in its first year be grown to a “manageable” size, Geraghty said, and run out of the New Jersey Cybersecurity and Communications Integration Cell, where he serves as director. He said it may eventually grow, but that organizers first want to “make sure we can get this right, because we don’t want to overpromise and underdeliver. That’s things we do poorly in government everywhere.”
The corps, officially titled the New Jersey Civilian Cyber Resilience Corps, will run under the authority of a domestic security task force in the state’s Office of Homeland Security and Preparedness. The corps’ unpaid volunteers, a press release says, “may be deployed to assist organizations with preparedness, response, and recovery activities as needed.”
A handful of other states, including Ohio and Wisconsin, run their own volunteer cybersecurity corps, primarily to lend aid when responding to cyberattacks or other urgent incidents requiring specialized expertise. Michigan’s MiCyberCorps has, since its start in 2016, grown to more than 60 members. They were required to pass criminal background screenings and knowledge tests, and have at least two years’ experience in information security. They conduct cybersecurity assessments and respond to IT emergencies at public agencies across the state.
While incident response is part of the New Jersey corps’ mandate, Geraghty said he wants the emphasis to be on prevention.
“I wanted to be a first-preventer, to do things before we have to respond,” he said. “If we can make ourselves a harder target, that means less work for everybody. And as they say, it’s easier to keep Humpty Dumpty on the wall than to put him back together again.”
It’s rare to find a state where its chief executive and lawmakers haven’t made cybersecurity a greater priority in recent years. Concepts like two-factor authentication and ransomware have long since emerged from obscurity in the public sector. But even before the backdrop of rising technological sophistication, New Jersey’s state government enjoyed status as being security-minded. Geraghty said it might have something to do with New Jersey being the nation’s most densely populated state, a highly digitally connected state or that it’s a state housing so much critical infrastructure — from gas pipelines and railways to chemical plants.
Like many state governments, New Jersey has in recent years begun deploying more resources to assist smaller governments and public-sector agencies within its borders, such as school districts, sheriff’s offices and local governments. And, as in other states, New Jersey has pursued this effort, often called “whole of state” cybersecurity, with the financial support of the federal government, drawing on programs like the State and Local Cybersecurity Grant Program and the Homeland Security Grant Program. With New Jersey’s density and high level of connectivity in mind, Geraghty said the corps is a chance to remediate even more of the state’s sensitive cyber shortcomings.
“[The corps] was really to go after a true whole of state, rather than just say we’re whole of state and we only do government things,” he said, “We want to work with those community organizations, food pantries, local health clinics, so that we can provide them cybersecurity services, as well.”
New Jersey may be advancing cautiously, but having delayed the project for so many years, Geraghty’s ambitions for the corps might also be fueled by a sense of lost time, and of its potential.
“As we do something good for one organization,” he said, “word of mouth will expand the demand.”
