How LA corralled its security data


IT staff in Los Angeles manage IT systems and network traffic for more than 37 departments with 35,000 full-time employees and more than 120,000 networked devices. Collecting and correlating siloed security data from all the city’s departments proved to be a challenging and labor-intensive task -- and one that often delivered inaccurate results.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.


“If an inconsistency or potential security breach was found, the protocol in place required pulling security logs from each individual department, reviewing and analyzing the disparate reports and then correlating the data manually with multiple security tools,” said Timothy Lee, the city’s chief information security officer. “This was a time-consuming process that resulted in slow resolution and errors.”

This past spring, the city realized how dire the situation was after recording more than 135 million attacks in April alone and a 200 percent increase in cyberattacks on Los Angeles over the previous year. “This is when we realized the enormity of the threat, its growing nature and how this project was direly needed,” Lee said.

The project -- the Integrated Security Operations Center -- is a centralized 24/7 monitored system that provides real-time cybersecurity situational awareness across all city departments. The ISOC also enables information sharing with the FBI and other states through the Multi-State Information Sharing and Analysis Center (MS-ISAC). 

The system has three primary elements:

  • A Cybersecurity Posture Dashboard that provides stakeholders with a graphic representation of the city’s cybersecurity status. 
  • A Cyber Alert Indicator that displays real-time malicious cyberactivity on the city’s network.
  • A Threat Intelligence Portal that allows city departments, external states (through MS-ISAC) and federal partners to share intelligence to speed and coordinate response.

The new ISOC has bolstered Los Angeles’ collaborative cyberdefenses and situational awareness. In May 2016 alone, the city blocked over 127,600,000 cyberattacks and identified and remediated 14,189 pieces of malware.

About the Author

Suzette Lohmeyer is a freelance writer based in Arlington, Va.
