The California Department of Technology (CDT) launched California’s first-ever Security Operations Center (SOC) within the Office of Information Security (OIS) at the beginning of Fiscal Year 2017. The CDT SOC is tasked as a major player in providing protection against, detection of, and response to malicious activity targeting the California Government Enterprise Network (CGEN, the Statewide WAN) as well as IT systems owned and/or managed by CDT.
The CDT SOC is intended to be a 24/7, 365-days-a-year operation that constantly monitors for malicious activity, and it is staffed using a unique model. The SOC is operated by a team of both State civil service staff and State active duty staff from the California Military Department. As is widely known, acquiring and retaining IT security specialists is difficult because of the vast shortage of individuals with these skills; this innovative model allows the SOC to tap multiple sources for those skills.
The CDT SOC is being implemented in a four-phase, two-year approach: 1) the initial standup of the SOC with a focus on innovative protection/detection for the CGEN network; 2) expansion of that protection/detection focus to cover the IT assets owned and/or managed by CDT; 3) implementation of a pilot program with a partnering State entity that uses the SOC to monitor that entity’s IT assets; 4) expansion of that pilot to other State entities that choose to opt in to those services.
The CDT SOC is also partnering with the California Cyber Security Integration Center (Cal-CSIC), whose mission is to provide curated IT threat intelligence as well as large-scale IT incident response to State and local government and beyond. The CDT SOC interacts with Cal-CSIC to exchange valuable IT threat intelligence and to support the Cal-CSIC incident response mission as needed.
CDT is proud of this new and critically beneficial capability, as it is believed to be one of the few SOCs of its type in state government within the United States. CDT looks forward to expanding the CDT SOC’s role and scope to reap increasing security benefits for the State and its constituents as this operation matures.