A North Dakota-led interstate cybersecurity operations center years in the making is finally nearing its launch, officials told StateScoop.
North Dakota Chief Information Security Officer Michael Gregg said his technology department expects to announce news on the project — which would, at a minimum, also involve neighboring Montana and South Dakota — by the end of the first quarter of the year. Gregg said North Dakota is also currently in talks with other states to participate in what would be the first state-led information-sharing organization of its kind.
In 2019, North Dakota Chief Information Officer Shawn Riley described the then-nascent project as an apolitical organization that would allow states to quickly share information related to cyberthreats. Riley said such an organization is imperative because he believes states acting alone are “screwed.”
Gregg said the new security operations center, an organizational structure found within many individual state governments, would allow states to understand and respond to threats more quickly.
“Really what this is about is taking those indicators of compromise we see and sharing those out,” Gregg said. “So as an example, if I see phishing attacks coming in from a specific domain or IP address and I can share that with the others, then they also have that intel. Or if they’re getting hit with that, odds are I’m going to see it coming in from the same threat actor.”
In North Dakota, the center was made possible by changes last year to the duties and powers of the state technology department. The changes permit North Dakota to work with other states and local governments on the “reciprocal exchange of resources or services for mutual benefit” when responding to “active” cybersecurity incidents.
Gregg said the latest work on the project involved standardizing the state’s database of threats using a common industry framework called the Vocabulary for Event Recording and Incident Sharing. Using common terms will help states coordinate with each other and compare their organizations to public reports like Verizon’s annual Data Breach Investigation Report, he said.
States and local governments sometimes share other technology resources, such as server space, mainframe computing power and disaster recovery capabilities, but officials in North Dakota said this center would be the first time a state-led center involved other states. And Gregg said that although North Dakota started the project, it would be governed by all states that choose to join the consortium.