The California Department of Technology’s cybersecurity center is scheduled this month to begin operating around the clock, providing the state with an added layer of defense against malicious hackers eyeing the state network for vulnerabilities.
The shift to a 24-hour, seven-day-a-week setup comes just three months after the launch of the Security Operations Center (SOC) and puts IT experts in one place, tasked with constantly monitoring the Internet traffic of about 100 state agencies, departments and other state entities.
“By having a centralized SOC looking at network traffic, we look at the front gate,” state Chief Information Security Officer Peter Liebert told Techwire in an interview Wednesday. “We’re the gatekeepers. We can provide that 24/7 monitoring.”
Launched in July, the Security Operations Center monitors network traffic for roughly two-thirds of the state’s departments, agencies, boards and commissions — any entity that uses the California Government Enterprise Network, otherwise known as CGEN.
The staff of 15 — six of whom are active military — specifically monitors the three ingress and egress points that connect users to the state’s network. These so-called pipes, Liebert said, are the key access points for a potential cyberattacker to try to get information into or out of the state network. They watch for suspect IP addresses and flag suspicious Internet activity.
“If someone bad is trying to get in, they would have to go through one of those three pipes,” Liebert said. “On a daily basis, CDT blocks millions of scans and attacks which target the state network looking for weaknesses and vulnerabilities.”
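The two monitoring tasks described above, watching the ingress/egress points for known-bad addresses and for scanning behaviour, can be sketched in a few dozen lines. The block below is an added illustration written for this page, not CDT's tooling: the flow records, the blocklist (documentation-range addresses, not real threat intelligence), the `10.0.0.0/8` internal range and the scan thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Hypothetical indicator list standing in for "suspect IP addresses".
# Documentation-range addresses only; not real threat intelligence.
BLOCKLIST = [
    ipaddress.ip_network("198.51.100.7/32"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Assumed internal address space behind the monitored pipe.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

SCAN_PORT_THRESHOLD = 5     # distinct destination ports from one source...
SCAN_WINDOW_SECONDS = 60    # ...within this many seconds counts as a scan

# Constructed sample flow records, as a sensor at an ingress/egress point
# might summarise them: (timestamp, src_ip, dst_ip, dst_port, direction).
SAMPLE_FLOWS = [
    (1000, "198.51.100.7", "10.20.0.5", 443, "inbound"),    # blocklisted source
    (1005, "10.20.0.9", "93.184.216.34", 443, "outbound"),  # ordinary outbound web
    (1010, "10.20.0.9", "192.0.2.44", 8080, "outbound"),    # internal host to blocklisted net
    (1020, "203.0.113.10", "10.20.0.5", 21, "inbound"),     # start of a port sweep
    (1021, "203.0.113.10", "10.20.0.5", 22, "inbound"),
    (1022, "203.0.113.10", "10.20.0.5", 23, "inbound"),
    (1023, "203.0.113.10", "10.20.0.5", 25, "inbound"),
    (1024, "203.0.113.10", "10.20.0.5", 80, "inbound"),
    (1025, "203.0.113.10", "10.20.0.5", 443, "inbound"),
    (1100, "203.0.113.99", "10.20.0.7", 443, "inbound"),    # single unremarkable connection
]


def is_listed(ip, nets):
    """True if ip falls inside any network in nets (handles /32 and CIDR entries)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def indicator_alerts(flows):
    """Match both directions against the blocklist: inbound from a listed source
    (attempted entry) and outbound to a listed destination (possible exfiltration
    or command-and-control traffic)."""
    alerts = []
    for ts, src, dst, port, direction in flows:
        if direction == "inbound" and is_listed(src, BLOCKLIST):
            alerts.append(("blocklisted-source", src, dst, port, ts))
        elif direction == "outbound" and is_listed(dst, BLOCKLIST):
            alerts.append(("blocklisted-destination", src, dst, port, ts))
    return alerts


def scan_alerts(flows):
    """Flag an external source that touches many distinct ports on one internal
    host inside a sliding time window; one alert per (source, destination) pair."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, direction in flows:
        if direction == "inbound" and not is_listed(src, INTERNAL_NETS):
            by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= SCAN_WINDOW_SECONDS}
            if len(ports) >= SCAN_PORT_THRESHOLD:
                alerts.append(("port-scan", src, dst, len(ports), t0))
                break
    return alerts


def analyze(flows):
    """Run both detectors over a batch of flows and return the combined alert list."""
    return indicator_alerts(flows) + scan_alerts(flows)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

On the constructed data this raises three alerts: the blocklisted inbound source, the internal host talking to a blocklisted network, and the six-port sweep against 10.20.0.5; the benign outbound web connection and the single inbound connection from 203.0.113.99 produce nothing. A real deployment would read flows from the sensors continuously and refresh the indicator list from shared feeds such as those the article says Cal-CSIC distributes.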
The SOC is also tasked with providing state customers with responses to new threats, a service the California Department of Technology offered in the past, but only during regular eight-hour shifts. So, for example, when threat reports are issued by the U.S. Department of Homeland Security or other entities, the SOC can respond and help patch any affected state systems.
It also works with the California Cybersecurity Integration Center (Cal-CSIC), which Gov. Jerry Brown created in 2015, to analyze and share cyberthreat information across the state. As alerts come into the Technology Department’s security center, it can pass them along to Cal-CSIC at the Office of Emergency Services to share — part of an effort to have a coordinated state approach to cybersecurity rather than siloed efforts at dozens of different agencies.
“You have islands of excellence, 140 different state entities, 140 different levels of security that are out there, different levels of expertise and different levels of funding,” Liebert said of the state. “If you have weak links in that chain, that can become a problem.”
Liebert, who joined the Department of Technology in November, came to the role of chief information security officer with experience in cybersecurity analysis and positions at the United States Cyber Command, Department of Defense and the U.S. Navy. He was most recently a senior product manager for FireEye and a threat assessment manager for the company.
And he said he has drawn on the private sector to ensure the state has the capabilities it needs, such as commercial intrusion prevention and intrusion detection systems (IPS/IDS), a security information and event management (SIEM) system, and a workflow platform that brings in third-party threat intelligence.
The cost of the state’s new security operations center, the equipment and staff that operate out of the state data center in Rancho Cordova, is not public, and Liebert declined to disclose the center’s budget, saying the department charges its state customers for the services it provides.
Liebert’s vision for the SOC is to ensure that all state entities — whether they use the state network or not — communicate and have a strong cyberdefense.
“By 2020, I want to have 100 percent visibility across the state,” Liebert said. “That means everybody talking to each other. Everybody needs to have a system of defense. There should be no island.”
This story was updated to clarify the number of cyberthreats the state faces daily.