INDIANAPOLIS (Oct. 19, 2022) – Today, the Indiana Office of Technology (IOT) partnered with Purdue University and Indiana University (IU) to create an unprecedented and unique agreement to provide cybersecurity assessments for local governments across the state. Under the arrangement, Purdue’s cyberTAP and IU’s Center for Applied Cybersecurity Research (CACR) staff and students will analyze the cybersecurity posture of local government entities and provide a blueprint on how they can further secure their environments.
“Indiana is home to some of the most highly-regarded universities in the world and through a partnership we will be able to utilize their skills and talent to assess and secure potential vulnerabilities across all sections of government,” said Governor Eric J. Holcomb. “This is a collaboration that brings together research, technologies and the experts necessary to quickly assess and adapt necessary cybersecurity measures for a safer tomorrow.”
This initiative is about both economic security and physical safety for everyone who relies directly or downstream on local government information and operational technology
Craig Jackson, deputy program director for IU’s Center for Applied Cybersecurity Research
Purdue University and Indiana University, two of the nation’s leading universities in applied cybersecurity research, have complementary strengths and shared commitments to practical cybersecurity protections and providing cybersecurity assessments. This collaboration is an agreement by all to combine capabilities to help secure the state and local governments.
“Indiana is fortunate to have a robust higher education system that is focused on research, practical application and education. This project is a first-of-its-kind partnership and is a tremendous benefit to local government and the state as a whole,” IOT CIO Tracy Barnes said. “Local governments collaborate with the state in various ways, and the computer systems are intertwined. A vulnerability on either side leaves the other at risk. We have invested heavily in protecting state systems, and now this is an opportunity for local government to see definitive steps toward improvement for its systems.”
The agreement funds both universities to develop and conduct a cybersecurity assessment methodology for local government that incorporates evaluations from the Trusted CI, CIS and NIST frameworks. Overseen by IOT, the universities will complete at least 342 assessments over the next four years.
The project accomplishes three primary goals: 1) Inform the state’s local government cybersecurity policy and strategy, 2) Inform local cybersecurity priorities, 3) Improve the overall security posture of Indiana.
The project team will be led and resourced by a joint Purdue cyberTAP, IU CACR and a team of approximately 10 people covering the requisite range of cybersecurity subject matter expertise, assessment development and execution experience, program/project management expertise, and resources to coordinate recruiting.
While professional staff leads the assessments, students will also have opportunities to participate in the project.
“Local governments are an increasingly valuable target for sophisticated adversaries, but they often lack the resources and funding to maintain cyber and information security,” said Mat Trampski, executive director of the Purdue Technical Assistant Program (TAP) and cyberTAP. “That puts the private data we entrust to them at risk, and Purdue cyberTAP is very pleased to participate in this program, which is designed specifically to help safeguard those data and services.”
Purdue cyberTAP is a pioneer in the effort to improve cyber and information security services at the level of local government, a critical task most recently recognized with a grant from the National Centers for Academic Excellence in Cyber within the National Security Agency.
“Local government cybersecurity has implications for all Hoosiers, and it’s about more than technology,” said Craig Jackson, deputy program director for IU’s Center for Applied Cybersecurity Research. “This initiative is about both economic security and physical safety for everyone who relies directly or downstream on local government information and operational technology. CACR’s mission is focused on real-world impact and collaboration. Being a part of this public service effort with IOT leadership, our close partners at Purdue, and public servants around the State is a perfect fit for our capabilities.”
IU CACR will coordinate with IU’s Cybersecurity Risk Management Program and Cybersecurity Clinic to provide assessment experience opportunities for students and Purdue will offer members of the Purdue Cyber Apprenticeship Program opportunities to receive assessment experience as part of this project.
Local governments who wish to receive an assessment may fill out the following application.
Indiana University: April Toler
Executive Director of Communications Office of the Vice President for Research
Purdue University: Mary Martialay
Senior Science Writer
Indiana Office of Technology: Graig Lubsen
Director of Communications and External Affairs
About the Center for Applied Cybersecurity Research:
The Indiana University Center for Applied Cybersecurity Research (CACR) provides leadership in applied cybersecurity technology, education, and policy by identifying and addressing cybersecurity problems facing public and private communities, while inviting collaboration to foster innovation and creativity. CACR provides a variety of services, assessments, consulting, training, and virtual security teams. CACR is affiliated with the Indiana University Pervasive Technology Institute and is a member of the Indiana University cybersecurity community.
As an extension of Purdue University’s Technical Assistance Program (TAP), cyberTAP offers custom-tailored cybersecurity education and cybersecurity services for a wide array of partners to meet the growing demand for cyber services and education. Cybersecurity training programs range from basic theory to hands-on defensive and offensive simulations on the Purdue Cyber Range. Cybersecurity-related professional services include security risk assessments, cybersecurity awareness campaigns, penetration testing, and vulnerability assessments.
About the Indiana Office of Technology:
The Indiana Office of Technology (IOT) provides cost-effective, secure, consistent, reliable enterprise-technology services to state government so that they can better serve our mutual customer, the Hoosier taxpayer. Created in 2005, IOT offers more than 120 technology products maintained and serviced by expert staff with licenses or certifications in 62 technical areas.