Alabama Gov. Kay Ivey announces state’s first security operations center

The state becomes one of about a dozen that have opened a SOC, creating a "one-stop shop" for cybersecurity resources and talent.
(State of Alabama)

Alabama Gov. Kay Ivey announced the opening of the state’s first cybersecurity operations center, or SOC, on Monday, which officials say will aid in faster detection and response to threats to the state’s networks and data.

“There is such a wide range of uses for our technology in today’s world, which means we must do our part to ensure cybersecurity, especially on our state’s technology system,” Ivey said in a press statement. Ivey joined officials from the state’s Office of Information Technology to unveil the center, which officials told StateScoop has now been operational for about 45 days.

Since opening, the SOC has already “provided 800 million blocks” on the state’s firewalls and four million antivirus blocks for servers and personal computers, according to Ivey’s office.

Alabama joins a group of an estimated 10 to 15 other states that operate their own SOCs, said Brian Calkin, vice president of operations with the Center for Internet Security. The facilities provide a centralized location for monitoring things like log data and, subsequently, can aid in identifying and notifying the relevant agencies more quickly when an incident occurs, he said.


“They really become a one-stop shop for building up talent, building up and focusing resources in a central location that many agencies can leverage,” Calkin said.

He added that having a SOC allows a state to greatly simplify its cybersecurity operations across many agencies.

“It just scales well, so that each agency doesn’t necessarily have to have cybersecurity professionals,” he said. “They’re seeing and responding to threats on a regular basis, so chances are when something comes in they may have already seen it and they may already know how to deal with it, so they’re not trying to reinvent the wheel at the time of the incident.”

A centralized location for cybersecurity management for the state’s 146 agencies is precisely what has been on the state’s wish list for several years, said Ryan Allen, Alabama’s chief information security officer.

“Everybody’s trying to do a good job with cybersecurity but there’s never been a centralized location for monitoring and reporting,” Allen said. “So now that we have this in place, if something happens at one agency anywhere in the state, we want to have that visibility and be able to communicate with other agencies if it’s something we feel can spread.”


Responding to incidents quickly is a critical factor in reducing both downtime and the amount of data that’s compromised by a cyberattack and, by association, the financial cost to an organization. A report published by the Ponemon Institute earlier this year found that the average time for any type of organization to identify a breach is 190 days, plus an additional 57 days, on average, to contain the breach.

“Most of the time when you have a big incident people think it just came in in the middle of the night, but really people have been in your network, watching and learning how you do things and use that against you to be more effective,” Allen said.

Allen said the new facility represents a major advancement for the state, which has held cybersecurity awareness and training as a major priority under Ivey. The Republican governor has advanced cybersecurity workforce development and training through various initiatives, from a $10 million contribution to the U.S. Space and Rocket Center’s Cyber Camp last year to a mandate, issued soon after she assumed office in April 2017, that all of the state’s roughly 30,000 employees undergo cybersecurity training.

Along with its new SOC, Alabama also announced a new website designed to educate the public about cybersecurity issues and terminology. And on Oct. 18, OIT will host a cybersecurity briefing at the Alabama State Capitol Auditorium in Montgomery in which speakers from government and industry will share stories and thoughts on the current threat environment.

“If it can happen to Facebook, it can happen to anybody,” Allen said, referencing an announcement by the social media company last week that a security issue had affected 50 million of its users. “I think the training and the teamwork aspect by building a SOC and having a centralized place is our best defense.”
