Information sharing at machine speed
The California Cybersecurity Integration Center (Cal-CSIC), launched in 2016, was tasked with strengthening the state’s cybersecurity strategy and improving inter-agency, cross-sector coordination, as well as facilitating more integrated information sharing and communication among various public and private entities across the state.
Deloitte started working with the Cal-CSIC on phase one of the project, which lasted four months. Priorities for the initial phase were helping the new organization conduct a gap assessment across security capabilities, design the program’s framework, and define the program development strategy and target state. Deloitte then recommended the implementation of an automated information sharing program, which began six months after the close of phase one.
Deloitte conducted interviews with 22 information security officers across the state, which helped Deloitte and the Cal-CSIC identify critical business requirements for the organization and recognize specific challenges. Because the Cal-CSIC’s processes and technologies would take time to reach maturity, Deloitte recommended a six-month pilot program.
Implementation of the information sharing program included automating the information sharing life cycle to enable Cal-CSIC and its partners to accomplish more with fewer resources. Deloitte helped the Cal-CSIC enhance the utility of the partner agencies’ SIEM tools and defined 20 foundational cyber threat detection use cases that each partner entity would be expected to implement.
Upon completion of the pilot, Deloitte brought together the partners and the Cal-CSIC stakeholders to identify and document opportunities to streamline onboarding and integration of the next cohort.
Working side by side, the Cal-CSIC, partner agencies, and Deloitte were able to:
- Identify and procure the appropriate technologies for a threat intelligence management platform and a cybersecurity event reporting platform to aggregate partners’ security events
- Onboard three pilot partners
- Deploy both platforms within the Cal-CSIC and at each of the partner agencies
- Integrate intelligence sources into the threat management platform from private sector intelligence sources, federal government intelligence sources, and industry threat-sharing entities
- Implement 20 threat detection security use cases in the SIEM technologies used by the partners
- Develop dashboard requirements for analyzing collected data
- Document all the Cal-CSIC processes for partner onboarding to drive efficiency across future partner engagements
- Build a governance model to drive decision making and support faster issue resolution
The Cal-CSIC has now grown to a team of 10 members. After the initial three pilot partners, three more partner agencies have been onboarded and 10 others are on deck, including a major utility and a bank. Onboarding time for partner agencies has been reduced from three to four months to about two months.
Leadership now receives regular updates on cyber threats facing the State of California. The Cal-CSIC has been able to identify many phishing and ransomware attacks against partner agencies and, in some cases, prevent incidents from spreading.