North Dakota’s interstate cyber operations center expands to 10 states

State CISO Michael Gregg said the North Dakota-led interstate cyber operations center could grow to 15 states by the end of the year.
U.S. Map
(Getty Images)

The interstate cybersecurity operations center that North Dakota officials launched last year recently expanded again and now features participation from 10 states, with plans to add at least five more before the end of the year.

Michael Gregg, North Dakota’s chief information security officer, told StateScoop on Thursday that the Joint Cybersecurity Operations Command Center has allowed IT and cyber officials from member states to share threat intelligence with each other directly, without an intermediary like a federal agency or the Multi-State Information Sharing and Analysis Center.

“There’s real benefit in getting the states to talk to each other,” he said. “If we’re being targeted, the odds are another state is being targeted too. We share the same types of applications and services.”

The center launched only with the inclusion of North Dakota’s neighbors in Montana and South Dakota, which Gregg said was the result of a law that only allowed state agencies to collaborate with their counterparts in bordering states. That law was overturned, he said, allowing the interstate cyber operations center to expand nationwide.


“There’s real benefit in getting the states to talk to each other.”

Michael Gregg, North Dakota’s chief information security officer

Gregg declined to name which states have been added in recent months, but he said the list includes states on the East and West coasts in addition to other parts of the Midwest. He also said the expanded membership has allowed the center to convene multi-state tabletop exercises, which he called a first for North Dakota and its partners.

“What we did was make these teams up of multiple members from different states,” he said. “This allowed individuals to talk together. We got a lot of lessons learned out of this to increase our cyber services and decrease our response time.”

Members of the operations center are also continuing to build out their database of threats, incidents and indicators of compromise, following a model established by the annual Data Breach Investigations Report published by Verizon.

“We’re tagging all the information that’s shared in our threat environment,” Gregg said. “We can share national standards with what’s used in private industry.”


Gregg said that by the end of the year, he expects to have 30% of states involved with the interstate cyber operations center, recruiting another five to the group that’s already joined. “Generally what we do through various events, we reach out to other CISOs,” he said. “Those that want to join, we try to onboard those and bring them into the process and look for the next one.”

Gregg also said he’s hopeful the $1 billion federal cybersecurity grant program created by last year’s Infrastructure Investment and Jobs Act will be available to interstate programs when the Department of Homeland Security publishes its long-awaited guidelines, possibly at the end of this month.

“Hopefully there are opportunities to work with other states,” Gregg said. “We want to work with other states for cost savings and have more joint exercises.”

Latest Podcasts