Iowa will relaunch its cybersecurity operations center in the coming weeks, with 24-hour threat monitoring and heightened support for local governments, interim state Chief Information Officer Matt Behrens told StateScoop.
Though the state already runs a SOC out of an office building in Des Moines, it’s not staffed around-the-clock, said Behrens, who predicted an April launch of the new capabilities.
“[It’s] really going to provide us with continuous monitoring and visibility across the state enterprise with people who can actively respond in the event of a threat in real time,” Behrens said. “So that’s a huge step forward for us as we think about the future and how we want to manage the state’s cybersecurity footprint.”
The new capabilities follow the hire last September of Chief Information Security Officer Shane Dwyer, who was previously CISO of a state agency in Wisconsin. Behrens said the relaunched operations center follows advice from Dwyer on how Iowa could improve its cybersecurity posture. In addition to having constant staffing, Behrens the center is also acquiring new security tools and monitoring capabilities.
The announcement arrives as technology officials around the country watch the Russian invasion of Ukraine, which was followed by an announcement from the Conti ransomware gang that pledged fealty to the Kremlin and promised to retaliate against the infrastructure of any nation that organizes a cyberattack or “war activities” against Russia. (The group later softened its position, but not without referencing “Western warmongering.”) Several state CISOs questioned about Russia did not mention any new threats related to the war, but said they’re staying vigilant.
“Vigilance continues to be important,” Behrens said. “And states are not exempt from being targets as a result of geopolitical activity. We have a responsibility to make sure we’re looking not only at domestic threats but foreign threats, working with our vendors, our partners all across this ecosystem to make sure we’re prepared for when these things can occur. It’s a dynamic landscape and these things are changing and shifting all the time.”
Behrens also said the state has combined its cybersecurity and infrastructure groups because the two are so frequently related. He said this change also prepares the Iowa for upcoming requirements outlined by last year’s $1.2 trillion infrastructure law, including the creation of a multiagency cybersecurity team.
And Iowa, like an increasing number of states, isn’t just seeking to protect the state government. Behrens said the state is also seeking to expand its service offerings to local governments. Iowa already provides some form of cybersecurity service — such as security monitoring or malware detection — to all 99 of its counties, which Behrens said provides a foundation for the state to extend more services and share existing vendor contracts with both county and city governments.
“I think counties are continuing to look at how they evolve and advance some of their activities and practices and they’ve got room to grow,” he said. “So there may be legacy systems, they may not have adopted cloud services yet, they may not have the newest security tools. And so it’s where we want to make sure that we’re helping to provide them with some baseline layers of visibility, but also beginning to share a message about how they can radically improve and transform their IT footprint by consuming regular everyday IT services from us.”