Section 97g of the 2023-24 School Aid Fund allocated $9,000,000 to provide a statewide Security Operations Center (SOC) and Managed Detection and Response (MDR) services for ISD, LEA & PSA servers in the State of Michigan. The MiSecure Operations Team was formed in October 2023 and immediately began researching and developing resources to address the MDR portion of the project. After a thorough evaluation, Crowdstrike Falcon Complete was selected as the supported Michigan K12 MDR solution. By May, 2024, schools began installing Crowdstrike sensors on ISD and district servers. This protection proved successful with detections and incidents being addressed 24x7x365 by Crowdstrike incident responders. By October 2024, 90% of ISDs had begun protecting their servers.
The Crowdstrike Falcon Complete product includes several components you can review here. Most critically, is the Crowdstrike team responsible for monitoring and responding to cyber events and incidents 24x7x365. This process requires a relationship to be established between Crowdstrike and each participating ISD. This participation will group the ISD, LEA and PSA servers into a single organization, or CID (Customer ID). While the CID is assigned to an individual ISD, the ISD is able to create individual user accounts for LEAs and PSAs. Once on-boarded, the ISD CID will establish contact lists, policy groups for servers and escalation processes.
In addition to supporting the MiSecure MDR project, the Security Operations Team is also authorized to work with “K to 12 statewide connectivity partners to install and monitor intrusion detection systems.” (97g, sec 4(b)). To help identify potential tools and funding sources for this project, the team has been engaged with the Michigan State Education Network – or MiSen
Still have questions? The most common questions are addressed below.
Most Common Questions
Q: What’s included in Crowdstrike Falcon Complete?
Crowdstrike Falcon Complete is a package of several components, most notably: Insight (EDR), Prevent (NGAV), Discover (IT Hygiene), Overwatch (24×7 Threat Hunting), Spotlight (vulnerability monitoring) and the Falcon Complete Team (24×7 responders). We have put together a page with Information on each of these modules.
Q: What is a CID (Customer ID)?
A CID is the term Crowdstrike uses to refer to a “managed organization” This organization will be on-boarded and supported 24x7x365 by a dedicated Crowdstrike team. The on-boarding process will address such things as thresholds, responses, contacts and escalation procedures. These CID settings will apply to all ISDs, LEAS and PSAs in the organization. MiSecure will supply each ISD with a single CID. MiSecure will hold a Parent CID which supports all ISD CIDs. Entities within a single ISD CID may have visibility into other entities and ISDs need to consider this when providing access to LEA/PSA staff. LEAs or PSAs that would like their own CID may purchase through the MiSecure project, leveraging the statewide pricing (estimated cost is ~$2,000/CID one-time). Those LEAs should reach out to MiSecure to make arrangements.
Q: My ISD never contacted me, how can I participate?
Yes! Please reach out the MiSecure team at [email protected] and we’ll ensure your servers are included. For larger or more autonomous LEAs/PSAs, you may elect to purchase your own CID, which also allows you to identify your own, individual contact list in the event that Crowdstrike needs to contact you. There is a charge for an LEA/PSA CID that is not covered by the 97g project, so many districts elect to work closely with their ISD in order to protect their servers. Our team can help you with that decision.
Q: I utilize a neighboring ISD rather than the one to which I’m assigned. How can I participate?
You should first contact the ISD you do work with to determine precisely how your servers will be added into the CID. Once determined, you will have the same access as other districts while getting support from the ISD you normally do.
Q: Is there a hard timeline? Am I too late?
There is no deadline to participate. ISDs, LEAs or PSAs may join or add licenses anytime. All licenses are available until June 30, 2027.
Q: What are we committing to?
According to the 97g legislation, participating ISDs/LEAs/PSAs agree to:
- Complete an assessment using a tool such as the MiSecure Quick Self-Audit
- Install and maintain the MDR software
- Provide access to the software to MiSecure
- Coordinate responses with MiSecure and their ISD
Q: I have a question that isn’t addressed here
A complete Frequently Asked Questions page is available and updated regularly. If you still can’t find your answer there, please email [email protected]