The State of Colorado’s new Chief Information Security Officer (CISO) Ray Yepes is urging all state and local governments (SLGs) to develop a threat intelligence program to stay one step ahead of cyber adversaries.
Yepes – who started his new role on April 25 – said that while many SLGs do not have a threat intelligence program, it is vital for agencies to be “proactive” and know about a cyber threat “before it happens.”
“Most governments, they do not have a threat intelligence program,” Yepes said May 12 during a FedInsider virtual event. “If you do not have a program like that, at least try to outsource it to a vendor. That way, you can be ahead of the game knowing what’s out there, whether or not people can find information – such as somebody selling passwords for the state, for instance – on the ground, and trying to be one step ahead.”
Yepes emphasized the importance of collaboration and partnership when it comes to threat intelligence, which he said is “always key for being one step ahead.”
One example of a state-wide partnership in Colorado, Yepes said, is the Colorado Threat Information Sharing (CTIS) group. Yepes said this group works to “share information among the state and local governments – and even private industry – to improve the coordination and response to cybersecurity intrusions and attacks.”
“We might have all the protection, but with threat intelligence, we’re being proactive – knowing before it happens,” Yepes said. “That’s one of the things that, in my opinion, helps to ensure a response to a cyberattack happens quickly and unified.”
Brian Dennis, principal technologist for the public sector at Akamai, agreed with Yepes and urged state and local governments to not put cybersecurity infrastructure “on the back burner,” because “these threats are going to continue.”
“Every state really needs to begin focusing on these international threats as they begin to grow,” Dennis said during the event. “There’s a lot of hard decisions coming in the next few years for states that are going to have to figure out how to allocate the right dollar to make sure that everything that they’re trying to protect is considered an asset and is protected well.”