Connecting state and local government leaders

How States Can Improve Cyber Threat Intelligence Sharing With the Feds

Virginia Gov. Terry McAuliffe sees an opportunity in community colleges to double his state's cyber ranks while growing its workforce.

Virginia Gov. Terry McAuliffe sees an opportunity in community colleges to double his state's cyber ranks while growing its workforce. Steve Helber / AP Photo


Connecting state and local government leaders

Virginia has taken a number of steps to boost interoperability with federal agencies: consolidating network infrastructure, investing in fusion centers and filling its cyber workforce gap with community college grads.

WASHINGTON — State agencies must consistently improve interoperability with each other and the federal government to secure against cyber threats. Intelligence sharing is critical to that defense.

For instance, the Virginia Information Technologies Agency wants to enhance its already good working relationship with the FBI and U.S. Department of Homeland Security to speed up information sharing.

In 2005, Virginia consolidated its network infrastructure under VITA to better monitor statewide threats and protect constituent services provided by various departments from Transportation to Motor Vehicles to Social Services.

"That’s really where the rubber meets the road is getting [intelligence] down, in my case, to 89 state-level agencies,” said Nelson Moe, VITA chief information officer, during the Threat Intelligence Sharing panel discussion Thursday at the 2016 Akamai Government Forum in the nation’s capital.

Panelists stressed the importance of developing a common lexicon making it easier for agencies to incorporate each other’s data and automate information sharing.

The FBI’s National Cyber Investigative Joint Task Force functions as a domestic cyber analytics hub for federal, state and local agencies—disseminating actionable information to disrupt attacks before they occur. But Director Donald Freese, another panelist, admitted the decentralized nature of intelligence sharing was a pain point in the process.

That’s not to say the federal government hasn’t had successes. The Office of the Director of National Intelligence worked with agencies like DHS to create portals training state and local public safety agencies on cyber threats like hacktivism and doxxing. A National Network of Fusion Centers was also built out by the partnership for real-time information sharing between federal, state and local governments.

Still, cybercrime thresholds remain higher than agencies’ ability to handle them, said panelist Kshemendra Paul, ODNI Information Sharing Environment program manager.

Brig. Gen. Maria Barrett, the U.S. Cyber Command’s Cyber National Mission Force deputy commander, recommended state and local agencies like utilities join groups like the Information Sharing and Analysis Center.

“Being able to hook those entities, whether its industry or state, into the intelligence community . . .  has gone a long way with that information sharing,” she said.

State agencies are primarily consumers of intelligence, Moe said, and defer to the “big boys,” the feds, as far as interoperability standards—focusing instead on securing constituent applications.

Government agencies can improve in that regard, in part, by training employees to avoid phishing scams to acquire sensitive information and implementing two-factor authentication in lieu of easily hackable passwords. They must also encourage “rational discussions” weighing privacy concerns against security benefits, Freese said.

Other challenges government agencies face include acquiring and retaining cyber talent. While the Cyber National Mission Force’s job description is an exciting one, Barrett conceded the public sector is limited in the incentives it can provide employees.

“And I love that because I need them too,” joked moderator Fran Trentley, Akamai senior director of global security and government services, albeit with a ring of truth.

All levels of government have the responsibility of developing a cyber workforce, panelists agreed, and part of that is proper resourcing.

Virginia is investing in its fusion centers and has the goal of doubling its cyber staff across all agencies, Moe said—Gov. Terry McAuliffe’s ancillary priority being growing the state’s workforce.

“We’re going to try to fill the gap at the community college level and move up,” he said. “If you’ve got kids in high school, try and force them down this way because I’ll guarantee they’ll get a job.”

Dave Nyczepir is a News Editor at Government Executive’s Route Fifty.

NEXT STORY San José Partners With Facebook on Accessible, Gigabit Internet