The Department of Homeland Security is consolidating its network and security operations centers to ensure services remain available when analysts must investigate a cybersecurity incident, according to the department’s new chief information officer.
The resulting network operations security center (NOSC) model represents a shift from traditional cyber incident response, where the SOC’s goal typically is to take the system offline until the problem can be identified and fixed.
“It’s not just consolidation for consolidation’s sake,” CIO Karen Evans said during an ACT-IAC event Wednesday. “It’s the next evolution of providing and managing risk to keep the business going while we are then analyzing, being aware of and being able to protect our operations.”
Evans said she held planning sessions internally, as well as with the department’s CIO Council. The department is currently considering how best to staff the NOSC in terms