The Indiana Office of Technology (IOT) partnered with Purdue University and Indiana University (IU) to create an unprecedented and unique agreement to provide cybersecurity assessments for local governments across the state. Under the arrangement, Purdue’s cyberTAP and IU’s Center for Applied Cybersecurity Research (CACR) staff and students will analyze the cybersecurity posture of local government entities and provide a blueprint on how they can further secure their environments.
“Indiana is home to some of the most highly-regarded universities in the world and through a partnership we will be able to utilize their skills and talent to assess and secure potential vulnerabilities across all sections of government,” said Governor Eric J. Holcomb. “This is a collaboration that brings together research, technologies and the experts necessary to quickly assess and adapt necessary cybersecurity measures for a safer tomorrow.”
Purdue University and Indiana University, two of the nation’s leading universities in applied cybersecurity research, have complementary strengths and shared commitments to practical cybersecurity protections and providing cybersecurity assessments. This collaboration is an agreement by all to combine capabilities to help secure the state and local governments.
“Indiana is fortunate to have a robust higher education system that is focused on research, practical application and education. This project is a first-of-its-kind partnership and is a tremendous benefit to local government and the state as a whole,” IOT CIO Tracy Barnes said. “Local governments collaborate with the state in various ways, and the computer systems are intertwined. A vulnerability on either side leaves the other at risk. We have invested heavily in protecting state systems, and now this is an opportunity for local government to see definitive steps toward improvement for its systems.”
The agreement funds both universities to develop and conduct a cybersecurity assessment methodology for local government that incorporates evaluations from the Trusted CI, CIS and NIST frameworks. Overseen by IOT, the universities will complete at least 342 assessments over the next four years.
The project accomplishes three primary goals: 1) Inform the state’s local government cybersecurity policy and strategy, 2) Inform local cybersecurity priorities, 3) Improve the overall security posture of Indiana.
The project team will be led and resourced by a joint Purdue cyberTAP IU CACR and team of approximately 10 people covering the requisite range of cybersecurity subject matter expertise, assessment development and execution experience, program/project management expertise, and resources to coordinate recruiting.
While professional staff leads the assessments, students will also have opportunities to participate in the project.
“Local governments are an increasingly valuable target for sophisticated adversaries, but they often lack the resources and funding to maintain cyber and information security,” said Mat Trampski, executive director of the Purdue Technical Assistance Program (TAP) and cyberTAP. “That puts the private data we entrust to them at risk, and Purdue cyberTAP is very pleased to participate in this program, which is designed specifically to help safeguard those data and services.”
Purdue cyberTAP is a pioneer in the effort to improve cyber and information security services at the level of local government, a critical task most recently recognized with a grant from the National Centers for Academic Excellence in Cyber within the National Security Agency.
“Local government cybersecurity has implications for all Hoosiers, and it’s about more than technology,” said Craig Jackson, program director for IU’s Center for Applied Cybersecurity Research. “This initiative is about both economic security and physical safety for everyone who relies directly or downstream on local government information and operational technology. CACR’s mission is focused on real-world impact and collaboration. Being a part of this public service effort with IOT leadership, our close partners at Purdue, and public servants around the State is a perfect fit for our capabilities.”
IU CACR will coordinate with IU’s Cybersecurity Risk Management Program and Cybersecurity Clinic to provide assessment experience opportunities for students and Purdue will offer members of the Purdue Cyber Apprenticeship Program opportunities to receive assessment experience as part of this project.
To sign up for information about the program, go to: https://in.accessgov.com/cybersecurity/Forms/Page/cybersecurity/assessment/0
