The state transportation department requested $4 million toward the overhaul late last year and "received all of the funding that we requested," Caltrans CISO Karl Koppertold Techwire in an interview.
The funding will cover hardware, software and consulting services.
"We selected consulting contracts to help us address the areas that we determined to be the most critical, based on the cybersecurity framework published by the state, and deep technical knowledge in different verticals within those areas," Kopper said. The framework is the "risk-based approach to cybersecurity" presented in the California Department of Technology's Statewide Information Management Manual, released in October.
The roadmap has been divided into 11 projects to address six concerns highlighted in the CDT's framework, including:
- Endpoint security
- Data security
- Access management
- Network security
- Security analytics
- Contingency management
"We have hardware and software procurements that have taken place or are taking place for some of these efforts. With those additional positions, we will be moving forward with those projects, even out ahead of any consulting engagement," Kopper said. "At a hardware, software procurement level, they are all in flight."
Phase 1 of the project, including "the most high-risk, critical vulnerability areas," should be complete by mid-2018.
Caltrans spokeswoman Angela DaPrato told Techwire: "At each step, they are trying to make sure they accomplish their goals. Once they complete that first phase, they will be looking at the next phase."
The department plans to continue working with the CDT's Security Operations Center when it is functioning.
