California Technology Agency

The Tech Blog

Mark Weatherford Blog

Mark Weatherford
Director and Chief Information Security Officer
Office of Information Security
Office of the State Chief Information Officer



Office of Information Security receives $3.69M in DHS Grant Funding

MARK WEATHERFORD: At a press conference yesterday, CalEMA Secretary Matt Bettenhausen announced that the Office of Information Security was being awarded Department of Homeland Security grants totaling almost $4,000,000.  The two cyber security projects funded by this grant are the “State Enterprise Cyber Security Risk Assessment Program” and the “Secure Domain Name System Project.”

The State Enterprise Cyber Security Risk Assessment Program will result in implementation of a standardized, cross-agency risk assessment framework for all mission-critical systems across all state agencies and is directly in line with the State CIO’s goals of streamlining IT operations within the state.  The risk assessment methodology will leverage standards developed by the National Institute of Standards and Technology (NIST) to identify and manage risks across the enterprise and decrease the siloed operations currently employed in California’s decentralized IT environment.  This standardized framework will also provide better reporting of common metrics resulting in better decision making capabilities and more transparency to executive leadership, legislators, and the public.  The $2,337,000.00 in DHS grant funds will go directly to development of the enterprise program including policy development, IT risk assessment hardware and software, a web platform, and training for Information Security Officers across state government.

The Secure Domain Name System (DNS) Project will address the significant vulnerabilities associated with DNS by upgrading the current infrastructure to Domain Name System Security Extensions (DNSSEC) which includes a Public Key Infrastructure (PKI) for authentication and digital signatures for secure DNS transactions.  DNS is a distributed database that is critical for the operation of Internet communications and operational services for California State and Local governments.  DNS data integrity and source authentication is critical to maintaining system operation and guarding against common cyber hacker attacks.  This Secure DNS project will align California state government with federal .gov security objectives and establish trustworthy and reliable e-government throughout state agency/county/city communications and operations.  The$1,353,000.00 Secure DNS project funding will include development of the overall plan to include gap assessments and remediation, expert DNSSEC support services, establishment of a PKI framework, and training for DNS Administrators across state government.

We are extremely pleased to receive this funding and look forward to enhancing the state’s information security posture across the enterprise.