Municipal governments finding impact of cyber threats can be mitigated if prepared
With all the attention that database breaches have received during the last 18 months, both the public and private sectors find themselves facing the same dilemma; how to protect sensitive data to their organizations when many have either no or little funding to do so. Mitigating cyber risk at the state and municipal level are front of mind topics for government IT departments. They are tackling the issue with efforts like detailed security audits, penetration testing and simple end-user security awareness programs, but still find they are waging a losing battle.
The municipal cyber threat issue is also a priority of solutions providers like IBM. Robert Griffin, who is the General Manager for IBM’s Safer Planet division, which includes the i2, Threat Counter Fraud and Smarter Cities portfolios, has been a key player and successful serial entrepreneur in the Software and Services industry for more than 35 years.
In October of 2011 he facilitated the sale of his company, i2, to IBM. He then joined i2 as the CEO following its merger with his company, Knowledge Computing Corporation (KCC). In his current role Griffin has global leadership responsibility for solutions that address the intelligence, law enforcement and city operations communities and for the development and deployment of cross industry Counter Fraud and Financial Crimes solutions.
As a key sponsor of the upcoming Secured Cities Conference in Houston on November 10-12, IBM’s Griffin will be featured as an opening keynote on Wednesday morning (9 am) at the Crowne Plaza Reliant Park Hotel. His address, “Protection in the Data Explosion Era”, will discuss how fraud, financial crime, cybercrime and terrorist threats are all on the rise, and that these threats are coming more often and becoming more severe. He will explain what's driving this explosion and what opportunities exist for those whose mission it is to protect our cities, communities and companies to adapt to the ever changing threat landscape.
SecurityInfoWatch.com Security Media editorial/conference director Steve Lasky recently had the opportunity engage Griffin on an array of topics from technology to policy in the cybersecurity environment. Here are those out takes.
Editor Director Steve Lasky: Many computer security experts are concerned that the Cybersecurity Information Sharing Act of 2015 (CISA) may not be effective in preventing cyberattacks and will likely create more information overload. Do you agree and just what will the impact of this legislation have on public safety and municipal governments when it comes to protecting its data?
Robert Griffin, IBM: Cyber threats and breaches are an ongoing security concern today, and determined threat actors are going to exploit their target organizations’ weaknesses until they find a way inside. Nothing is likely to dissuade those actors entirely, but IBM strongly believes that CISA, together with its peer legislation in the House, is essential to helping security professionals strengthen their digital defenses against constantly evolving attacks. We are actively supporting this legislation, and are hopeful the Senate bill will be brought to the floor in the coming weeks. Frankly, the time to act was yesterday.
As far as cyber threat information sharing causing an information overload goes, we are already living in a big data society, and there are many solutions and technologies that exist today that can help organizations quickly turn that information overload into a wealth of insights and intelligence. In fact, law enforcement, defense and national security organizations have already illustrated how critical and beneficial information sharing can be with Fusion Centers. The private sector also is acting in forums like our own IBM X-Force Exchange where over 1,000 companies have joined us to share cyber threat intelligence. Cyber threats and cyber criminals are not that different from physical threats and criminals - the more you know about them, their methods and their motivations, the better prepared you will be to counter and mitigate them. But that kind of intelligence requires comprehensive analysis of data from a variety of sources, and that requires the sharing of information. Exchanging technical data on the latest cyber threats may require adoption of additional practices and steps upfront, but in the long run, we feel strongly it will help organizations develop a contextual understanding of their threatscape, and ultimately strengthen their collective security measures to protect their data, while quickly mitigating existing threats.
Lasky: How should we be advocating for more public-sector efforts to promote general awareness, education, and training across America as it relates to data and information protection?
Griffin: October is National Cyber Security Month – and it’s encouraging to see this critical issue getting significant attention in Washington and beyond. The public and private sectors are teaming during this time to run campaigns like Stop. Think. Connect, which focuses on the shared responsibility of the government, private institutions like banks, healthcare organizations, retailers, insurers, and the general public to protect them from cyber crime. Education is key. Not that long ago, we were talking about the digital divide, but today in the United States, more than 80 percent of the population is using the internet. Mobile phone usage is prolific. This means that virtually every citizen is at risk of becoming a cyber victim. We must continue to educate the population on how to stay safe, and we must continue to demand that the businesses that house our personal information act with the utmost responsibility.
Lasky: Explain how initiating solid public-private partnership initiatives can help drive safer and smarter cities using technology, analytics and information sharing, and where do see these initiatives going in the next 5 years?
Griffin: Sensor networks and the Internet of Things is already creating smarter cities, but I believe with the addition of cognitive technologies, we will see an absolute transformation in what it means to be a safe, secure, smart city. The promise of technology is that it can move faster than the speed of threat, having the ability to detect and differentiate between a manmade and naturally occurring event – which can be the difference between mission failure and success. The value of public-private partnership initiatives is that we can take lessons learned and best practices from across the landscape and apply them to this problem.
We are already seeing how a sophisticated sensor network and centralized command center can help communities and organizations like the New Jersey Turnpike Authority reduce congestion and delays faced by motorists on some of the most heavily traveled highways in the United States.
Lasky: When it comes to emergency management operations, working with law enforcement and first responders to coordinate real-time collaboration is essential to protecting assets and saving lives. What steps can be taken to ensure cities have a realistic roadmap for successful collaborative response and action plans?
Griffin: Successful Emergency Management (EM) agencies view planning and response to crises as a four-step process: prepare, respond, recover, mitigate. The EM process is iterative, and each phase is intertwined with the others. Various entities and jurisdictions lead efforts depending upon the phase and the activity within that phase. And ultimately, the lessons learned from a specific incident and its response should impact subsequent adjustments within the preparedness phase.
Technology can help emergency management leaders break down agency silos and manage the complex interconnections that exist in even the smallest local jurisdictions today. Advancements in information gathering, analysis and sharing help integrate siloed domains and resources and provide improved situational analysis and the agility that remains essential for adapting to rapidly changing environments.
At IBM, we’ve introduced new 'what if' tools to help planners simulate different response actions and evaluate effectiveness to determine the impact of potential and forecast events. Impact analysis performed on a possible occurrence of the operating picture provides actionable intelligence for planning the most effective response before the actual event occurs or during a crisis. This kind of simulation can help agencies self-assess their readiness from multiple angles and build action plans to mitigate possible impact.
Post-emergency collaboration tools can help speed resource application and rebuilding efforts as well as integrate mitigation measures into the rebuilt infrastructure. Big Data tools can help analyze after-action reports as well as track the success of long-term recovery efforts over many years.
Lasky: With the threats to both information and data constantly evolving, what can city governments and public safety officials do to stay ahead of the hacker tsunami?
Griffin: It takes more than just good cyber hygiene – a dedicated bad actor has time, energy and adaptive technology on their side, in addition to vast networks of online communities he or she can turn to for support and guidance. Organizational barriers, HR issues or information sharing restrictions do not encumber them. They are paid for performance, and given enough time will facilitate a penetration. So if there is an infiltration, one has to ensure that they can do no harm. I am a strong believer in the importance of and need for encryption of data at rest and data in motion. We see preserving the integrity of commercial encryption technology as essential to international business in the 21st century.
Governments and public safety officials already apply an intelligence-led approach to many of their systems. They collect and analyze data from a variety of sources to ensure they are protecting their citizens from natural or manmade disasters and criminal activity. They also collect and analyze data to manage traffic systems and allocate resources. This same approach should be incorporated into their cyber security strategy. This is about improved situational awareness: the more they know about their threats and their systems' weaknesses, as well as the latest threats being uncovered by peers in other organizations, the better prepared they will be to fortify them. Incorporating cyber threat analysis into their security strategy will enable public and private organizations to turn their defensive security strategy into a proactive, intelligence-led approach. Cyber threat analysis augments and enriches existing perimeter security strategies with contextual insights gleaned from a variety of non-traditional security sources. By equipping analysts and investigators with multi-dimensional analysis and advanced analytic capabilities, like our solution IBM i2 Enterprise Insight Analysis, those analysts and investigators can quickly uncover hidden connections and patterns buried in disparate and overwhelming data sets that can help organizations separate the anomalies or non-threat actors, from the aggressive and dangerous ones and then counter and mitigate those threat
Lasky: Predictive analytics and situational awareness are terms that are now becoming common in the public safety world. How can cities initiate these concepts into their strategic smart and secured cities infrastructure and what are the realistic benefits that can be realized by having them integrated?
Griffin: One of the big breakthroughs in improved policing was the advent of multi-jurisdictional regional/statewide information sharing initiatives. It was the recognition that 80 percent of all crime is committed by 20 percent of the criminal population and that this 20 percent, that helped drive this adoption, is from mobile. The benefit of this initiative, besides the improved situational awareness, was improved and advanced predictive analytics.
Whether information is shared across an organizational enterprise or with others (i.e. local, state, federal), the benefits are game changing. The incorporation and use of advanced analytics in addition to collaboration helps close the operational gap, positioning organizations in the best place to fight crime, respond rapidly and more effectively to emergencies, and ensure public safety not just today, but tomorrow.
Predictive technologies – technology that identifies patterns that human analysts then interpret to predict incidents - can mean the difference between investigating a situation or preventing it. Situational awareness becomes more and more accurate with the aggregation of multiple data sources. Again, the more data we have to pull from (in near real -time) the better we can protect first responders when entering dangerous situations. An optimal response to emergencies like severe weather or other unforeseen events that threaten our communities occurs when cyber attacks are stopped before data is compromised.
For more information about the Secured Cities Conference, it’s more than 40 sessions and panels, 65-plus sponsoring solutions providers, on-site security tours and Security Innovation Awards luncheon, and how to register, please go to www.securedcities.com.
