The day of meetings had yet to end and already Traci Marques was sending emails to the Pikes Peak Small Business Development Center to inform the organization about the free resources the Department of Homeland Security offers to bolster cybersecurity capabilities.
Marques, customer service and community relations director at the Pikes Peak Workforce Center, is part of the Colorado Springs Chamber of Commerce & EDC’s D.C. Fly-In contingent. This year’s trip to the nation’s capital allows representatives from various industries and governmental entities from the Pikes Peak region the opportunity to meet experts as part of military, infrastructure, economic development and cybersecurity tracks.
Yesterday’s cybersecurity group had the opportunity to visit the National Cybersecurity Center of Excellence & National Institute of Standards and Technology in Rockville, Md., before traveling to Arlington, Va., for a discussion with representatives from the Department of Homeland Security.
The other NCC
At the NCCoE, Kevin Stine, applied cybersecurity division chief at NIST, provided an overview of the center’s mission and capabilities.
“Broadly speaking, our mission is to develop and apply standards, guides and practices and bring in measurement science to help organizations manage cybersecurity risks in the context of their missions and business objectives,” Stine told the group. “Whether you’re a federal agency, state or local government, academic institution or a business of any shape or size in any industry, you likely have some technology with some sort of cybersecurity risk or consideration to make.”
Stine explained that the center allows collaboration between sectors to address cybersecurity issues in business. The public-private partnership is meant to enable practical cybersecurity solutions for specific industries, to include finance, health care and energy.
“Through consortia under Cooperative Research and Development Agreements, including technology partners — from Fortune 50 market leaders to smaller companies specializing in IT security — the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology,” the center’s website said. “The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cyber Security Framework and details the steps needed for another entity to recreate the example solution.”
Following a tour of the NCCoE, members of the cybersecurity track made comparisons to the fledgling National Cybersecurity Center in Colorado Springs.
Mark Seglem, head of Colorado Technical University in Colorado and the trip’s cybersecurity track lead, pointed out that, while the NCCoE works with businesses to find cybersecurity solutions, the organization differs from its counterpart in Colorado Springs in that it doesn’t offer a rapid response center to deal with cyber crises and is less involved in the educational aspects of cybersecurity.
Department of Homeland Security
The group’s meeting with DHS primarily revolved around information sharing, assessments and educational support offered through the department.
DHS shares intelligence products to protect networks within the private sector, as well as state, local and tribal entities, and the organization partners with other government agencies to aggregate indicators (IP addresses and other threat intelligence and tactical programs) and that information is available through a Multi-state Information Sharing Analysis Center, which can be accessed for free.
DHS also offers assessments to small and mid-sized businesses for free via a question-based web tool (cyber resilience reviews) that provides a report on cybersecurity capabilities and exposes gaps. Cybersecurity advisers are also available to administer the review for free.
Princess Young, program manager for the National Awareness Programs in the Cybersecurity Education and Awareness branch of the DHS’s office of Cybersecurity Communications, discussed how the department is facilitating a cybersecurity workforce.
“One of the biggest stats we promote is that by 2020, there will be a cybersecurity career gap of 1.8 million [workers],” Young said. “That’s a problem for you guys. You need the support and we need you guys in Colorado Springs to be well ramped up in your cyber efforts.”
Young said one of the most powerful tools to address that gap is the National Cybersecurity Framework, a recent NIST special publication that can be found at niccs.us-cert.gov.
“We looked at cybersecurity professionals who were in academia, the private sector and public sector in state and local governments and even non-profit organizations and asked how they define their cyber employees. They all call their employees something different.”
Young said it was important to create common lexicon so a student majoring in cybersecurity can be sure they are gaining the appropriate skills for their career track.
“And how do we make sure the employer is seeking the right person?” she asked. “The framework has gone through many iterations and is a living document, so you’ll continue to see it evolving as the field evolves.”
‘A great day’
“What a great day for Colorado Springs to bring together folks from government, our universities and private industry,” Seglem said. “Talking with folks who are at the federal and national levels of cybersecurity is a fantastic opportunity.”
Seglem said the reception his group received “reveals how appreciative [the presenters] were for us being here and, what it really says, is how engaged Colorado Springs is in cybersecurity and to me, cements our position in that arena.”
From the university side, Seglem said the meeting provided “the ability to build important relationships with important partners in furthering the sharing of cyber security information and making sure [Colorado Springs] stays relevant in cybersecurity, which is such a fast-growing sector.”
Marques said DHS’s standardized job descriptions and framework is key for the Pikes Peak region because businesses have different definitions of what a cybersecurity professional does, “so having access to that data will be very helpful to the small businesses in our community.
“I think the resources we learned about today are huge assets to bring back to the community and coordinate with the different organizations we work with,” she said.
Cyber track participant and El Paso County Commissioner Stan VanderWerf was equally enthusiastic.
“We have a great cyber community in Colorado Springs with more than 100 [affiliated] companies. It’s a robust and growing new industry.
“I’m looking forward to the success of the National Cybersecurity Center and am very hopeful they’ll provide many outstanding services on the commercial side for cyber protection,” he said.
VanderWerf touted Catalyst Campus and its Specially Compartmented Information Facility, which is available for small cyber companies to use to bid on classified programs.
He also pointed to the Air Force Academy’s Cyberworx program as “an outstanding new capability in the Colorado Springs area that deals with rapid prototyping services that is going to be helpful locally, regionally and ultimately at the national level.
“If there are any federal agencies or state agencies that want to work with the Air Force Academy, they would ultimately have access to a lot of the cyber industry in Colorado Springs.”