Who Are the 'Four Amigos' of California Cyberdefense?

At the Techwire Insider Industry Briefing held Wednesday, state Chief Information Security Officer Peter Liebert spoke on work being done to create a new Security Operations Center and the agencies involved in the initiative, referred to by officials as the “four amigos.”

The California Department of Technology (CDT) is making moves to develop a Security Operations Center (SOC) in partnership with the Office of Emergency Services’ California Cybersecurity Integration Center (Cal-CSIC), Military Department and California Highway Patrol.

At the Techwire Insider Industry Briefing last week, state Chief Information Security Officer Peter Liebert spoke about the work being done to create the SOC and the agencies involved in the initiative, referred to by officials as the “four amigos.”

Each agency has its own wheelhouse in terms of cyber, according to Liebert. Under government code, CHP has the authority to go out and conduct investigations in cases where a state agency is victimized. While the patrol is charged with enforcement, CDT runs network analysis, Cal-CSIC facilitates interagency communication and the Military Department primarily manages assessment services necessary to support critical network infrastructure. Liebert explained how each of these agency functions will integrate with the SOC.

“The vast majority of the traffic that’s traveling on our state networks comes through [the CDT] building,” Liebert said. “It only makes sense that we centralize protection and analysis as much as possible to utilize that central gateway aspect and provide value from a 24/7 SOC that will be looking at malicious traffic, analyzing that traffic and then responding accordingly.”

CDT will focus on the data that comes across the state network and work with Cal-CSIC, which will act as the primary coordinating body. If a threat is found as CDT oversees detection and analysis, the Cal-CSIC will be brought in to organize response. In order to ensure that the “hand-in-hand” relationship between the agencies continues, Liebert said there will be a representative from CDT in the Cal-CSIC SOC on a 24/7 basis.

The "four amigos" have been meeting multiple times a week to determine the procedures they will use to tackle potential network hazards and issues. Liebert said the goal is to develop a comprehensive communications plan that will show how the handling of an event escalates, starting from either third-party notifications or a customer agency, all the way up to the Governor’s Office if necessary.

Liebert highlighted an upcoming bid opportunity for vendors related to building the center. Although he couldn't give a precise date for when the bid would be issued, Liebert said it would involve establishing interoperability between all the SOC’s functions. State Deputy CIO Chris Cruz, another speaker at the event, also said CDT will be integrating the state data center into the Cal-CSIC program as part of standing up the SOC. He noted that there will likely be a solicitation issued in the future to assist in transition planning for the data center.

Maggie Cabrey is a staff writer for Techwire.