Vol. 3 No. 2 (2016)
Journal of The Colloquium for Information Systems Security Education
A Study of State Cybersecurity Capabilities for Local and Regional Collaboration
From the beginning, cross-sector collaboration - academia, government, industry - has been the hallmark of The Colloquium for Information Systems Security Education (CISSE) and is enshrined in its logo. Begun as the National Colloquium for Information Systems Security Education (NCISSE) in 1996, the organization was founded to provide a forum for cybersecurity dialogue among leaders from government, industry, and academia. In June 2002, NCISSE became The Colloquium for Information Systems Security Education (CISSE) or more simply--The Colloquium - when its mission expanded to include international participation.
While the focus of CISSE in the United States has been at the Federal level, providing support for educators, endorsing national curriculum standards, sharing best practices, encouraging the creation of NSA/DHS Centers for Academic Excellence (CAEs) in Information Assurance Education (CAE-IAD) and Research (CAE-R), there is an expanding role for CISSE emerging at the state and local level. Recently, this has been reflected in the development of cross-sector collaborations within states and regions for cyber incident preparedness and response.
In the event of a catastrophic event that would disrupt Internet-connected critical infrastructure, the effects will be felt locally and the response, likewise, will be at the local level, in collaboration with the appropriate Federal agencies. In this endeavor, academic institutions offer a neutral environment to convene the appropriate cross-sector participants who can plan for preparedness and assume roles in the event of a necessary response.
Example: Regional Economic Cyber Analysis Platform (RECAP) in Washington State
An example of a successful state-wide, cross-sector collaboration is the Regional Economic Cyber Analysis Platform (RECAP) (aka Public Regional Information Security Event Management, or PRISEM). This is a unique DHS-funded service which aggregates and processes cybersecurity alerts and extends cyber situational awareness over the greater Puget Sound area. RECAP is an operational partnership among the City of Seattle, the University of Washington's Center for Information Assurance and Cybersecurity (CIAC), a CAE-IAD and CAE-R, and the Dept. of Homeland Security, along with local governments, maritime ports and several local and public organizations that manage critical infrastructure systems.
While these local institutions are not resourced for the type of monitoring that detects modern attacks, impacts they sustain from cyberattack will have significant effects on the regional economy as a whole, as well as the Nation. This was the motivation for creating RECAP. In a proof-of-concept, RECAP has achieved real-time, cross-organizational, cross-sector data sharing, overcoming the legal impediments that make such sharing so difficult. RECAP collaborators are now mentoring replication to other regions, working with several states to establish similar collaborations that are being adapted to reflect the unique local institutions in each.
In each instance of replication, the local academic institutions provide a key forum for convening the proposed participants. Receptivity of each potential state to re-creating such a capability is correlated to the cyber awareness and readiness of each state and the availability of an interested and well-established CAE. For that reason, the editors of this volume have aggregated data reflecting the CAEs and cyber-readiness of each state in order to serve as a guide for those implementing this and similar local projects. CISSE, as the publisher of this information, is embracing local preparedness as an expansion of the services they can provide its membership of over 200 academic institutions.
A white paper entitled: Cyber Public Private Partnership ICS/SCADA and Critical Infrastructure Protection Strategic Vision follows that describes insight into a project spawned from RECAP. It's shared as an example of the types of projects that may be possible in your state or region. The table by state describes resources within your state that could be deployed on your projects.
Please note: It is the intent of the CISSE editors to update this volume on a regular basis and encourages its CAE membership to review information on their, respective, states/CAEs reflected in this volume and offer updates, corrections and further insights.
Editor of this Special Edition of CISSE Journal
Barbara Endicott-Popovsky, Ph.D.
Volodymyr Lysenko, Ph.D.
Justin Brecese, Casey Rodgers, Morgan Zantua