In Michigan, public and private sector officials aren’t waiting for the governor to declare a state of emergency in the event of a major cyber incident — they’re planning for it.
Nearly a year has passed since the official launch of the Michigan Cyber Civilian Corps (MiC3), a growing team of cyber experts from government, education and the private sector, who have volunteered to provide assistance in the wake of a large-scale cyberattack in the state. The team functions much like a volunteer fire department, but for cybersecurity, and is expected to grow to about 75 people.
The MiC3 has about 30 members today and is actively recruiting volunteers to serve across the state’s 10 regions, says Michigan Chief Technology Officer Rodney Davenport. This will ensure that companies and government agencies in all parts of the state, but especially rural areas, have access to trained security professionals in the wake of a major incident. "The MiC3 is created in partnerships with the Michigan Department of Technology, Management and Budget, Michigan State Police, National Guard and other public and private partners," according to its website. Davenport says the corps does not receive state funding.
Volunteers in the cyber corps must first undergo an application process, which includes an interview, online test and resume review. (Read more about the application process here.)
Davenport explains that participants must agree not to disclose sensitive issues that they handle while volunteering with the MiC3. To date, the corps has not been activated, but members are keeping their skills sharp through hands-on exercises and annual certifications. Big name companies, such as Ford, that are major players in the state’s economy would be prime candidates for MiC3 expertise in the wake of a large-scale cyberattack, Davenport says. Part of the cyber corps’ response would include forensics assistance.
Michigan is also part of a larger effort to boost state and federal cyberdefense capabilities. The state was selected by the Army National Guard to host a so-called cyber protection team (CPT). The cyber team will be staffed by National Guard citizen soldiers, many of whom work in the IT sector or academic sectors and have expertise about cyberdefense policies, tactics and techniques, according to the National Guard. There will be some level of coordination between the CPT and the cyber corps, depending on the nature of an incident, Davenport says.
The state also hopes to boost its own cyberdefenses for securing internal networks.
Gov. Rick Snyder’s fiscal 2016 budget proposal includes an additional $7 million “to strengthen cybersecurity efforts to protect the state’s computer systems, networks, and critical data from daily and growing cyber threats,” according to budget documents. But the additional cyber funding may not survive the budget process unscathed. According to Kurt Weiss, spokesman for the state’s budget office, there is the potential that things like cyber could get cut a bit because of lingering tax credits that must be paid out to businesses.
The final budget is expected to be signed around early June.