No-Cost Network Monitoring for the Public Sector with PISCES

4 min read

Smaller cities and counties will soon be able to more easily get free network information security monitoring.

The Public Infrastructure Security Cyber Education System, aka PISCES, is reaching out and looking for new Washington State local governments to get free network monitoring. PISCES is also publishing a two-page brochure showcasing the non-profit’s work over the past decade – see the full brochure below.

Led by CISO Mike Hamilton and a coalition of public and private stakeholders, PISCES aligns with Critical Insight's mission to protect and defend critical services through local infrastructure protection, workforce development, and cybersecurity research. 

What is PISCES?

Many smaller cities and counties cannot afford threat monitoring, yet are targeted with the same attacks as large municipalities. PISCES gives them free monitoring by handing the data to students at Universities in Washington State. The cities and counties get the cyber defense they need, and students get to learn how to be cyber analysts. Mike explains the non-profit's mission and how it works in this 19-minute podcast with UberKnowledge, a cybersecurity training company with a focus on evangelization, ethics, and diversity. 

How Is Critical Insight Involved with PISCES?

Students working on protecting cities and counties use Critical Insight’s technology to look at cyber alerts.  Critical Insight’s staff, including founder Mike Hamilton, lend their time to PISCES to train students. The best of those students then come to work at Critical Insight when they graduate.

"I’ve been working on PISCES for a while because I saw first-hand how vulnerable smaller communities are," notes Mike, reflecting on his time as CISO for the City of Seattle in the late 2000s. "As CISO for a major U.S. City, I had the resources to implement controls – including security event monitoring. However, as I worked with the IT leaders managing smaller local governments in the state, I saw their security programs would impact my security program, and vice versa. The origins of PISCES began from the need to share event information in real-time. After 10 years working on the partnerships necessary to integrate no-cost security monitoring for local governments with university-level cybersecurity education, we are ready to accept new local government applicants to the program."

Read on for a deep dive into the PISCES program, how it works, and why it matters for local governments, local communities, and the future of cybersecurity. 

How can a potential partner apply to participate in PISCES?

Leaders who are interested in learning more about the PISCES program can reach out to Mike Hamilton on LinkedIn. If you represent a WA State-based jurisdiction or academic institution interested in participating in PISCES, you can contact PISCES NW on their website

PISCES: Public Infrastructure Security Cyber Education System

PISCES—the Public Infrastructure Security Cyber Education System—is an extension of the Public Regional Information Security Event Management (or PRISEM) regional monitoring system deployed in the Puget Sound region from 2009-2013. The Cyber Security Division of the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) provided the initial grant funding. Now in partnership with the DHS Cybersecurity and Infrastructure Security Agency (CISA) and Pacific Northwest National Laboratory (PNNL), PISCES has since evolved into a non-profit organization that partners with the private sector, colleges and universities, and local governments to provide no-cost cybersecurity event monitoring to small public sector organizations. 

What We Do

PISCES Role – PISCES adjudicates legal agreements and serves as the ultimate curator of the partnerships with educational institutions (including those housing the data collection stack), the private sector (providing the technology for collectors and analytic stack as well as necessary professional services and support), and local governments.

Private Sector Role – PISCES executed an agreement with Critical Insight (CI), a cybersecurity detection and response company with security operation centers in Bremerton and Ellensburg WA. CI provides a reduced-functionality version of the commercial monitoring and analytic stack to facilitate on-premise data collection, aggregate intrusion detection and network flows, and allow analyst access for investigation and event confirmation. CI also provides the necessary professional services to perform stack maintenance and upgrade and conduct the customer provisioning process. 

How It Works

Using metadata collected from customer networks, students act as cybersecurity analysts by evaluating events observed. When a security compromise is confirmed or suspected with a high degree of confidence, it is reported to the impacted jurisdiction for assistance to be provided to quickly remediate. 

Data Collected

Data privacy and public disclosure limitations are described in the data sharing agreement. The data PISCES collects is limited to:

  1. Packet headers – metadata about how content is delivered but not the content itself (no e-mail, health records, criminal justice data, financial transactions, or privacy information).
  2. Intrusion Detection System (IDS) alerts – the Suricata IDS is a component of the collector system and updated daily with new public signatures or detection patterns.


Partner Requirements – At a minimum, local government organizations seeking to execute a data sharing agreement must:

  • Be a public sector organization (e.g., cities, counties, ports, school districts, public utilities).
  • Employ 150 employees or fewer.
  • Purchase a computer to be used as the data collection device. The computer must match the line speed of the internet connection and have 500G-1Tbt of data storage.
  • Acknowledge that this is not a commercial service and the analysts are students.
  • Agree to share anonymized event information.

Academic Institutions – Educational partners must sign an agreement that stipulates:
The standard curriculum framework will be used, summarily:

  • Operation of the technology stack
  • Analyst tools and investigation techniques
  • Experiential, laboratory, exercise, or extracurricular time as a cybersecurity analyst

Improvements to the curriculum will be integrated back into the standard distribution.

Our Partners: State, Local, Tribal, and Territorial Partners

- Current – PISCES jurisdictions in Washington State include the cities of Anacortes, Arlington, Burien, Cle Elum, Covington, Ellensburg, Kittitas County, and Washougal. San Juan County

and Stevens County are recent deprovisioned jurisdictions. Additional state, local, tribal, and territorial partners will be added as the program expands outside the State of Washington.

Academic Institutions – Western Washington University, Central Washington University, and Spokane Falls Community College are currently teaching courses using PISCES and more Washington schools are interested in the program. Discussions are ongoing with institutions in South Carolina, Alabama, and Idaho as well.

Looking Ahead

CISA and PNNL are supporting the project through 2022, with the objective of creating a sustainability model that will address administration and technology costs.

Become a Partner

If you represent a jurisdiction or academic institutions interested in participating in PISCES, you can contact PISCES NW on their website here.