DIG IT AWARD FINALIST: CYBERSECURITY
How LA corralled its security data
- By Suzette Lohmeyer
- Sep 28, 2016
IT staff in Los Angeles manage IT systems and network traffic for more than 37 departments with 35,000 full-time employees and more than 120,000 networked devices. Collecting and correlating siloed security data from all the city’s departments proved to be a challenging and labor-intensive task -- and one that often delivered inaccurate results.
“If an inconsistency or potential security breach was found, the protocol in place required pulling security logs from each individual department, reviewing and analyzing the disparate reports and then correlating the data manually with multiple security tools,” said Timothy Lee, the city’s chief information security officer. “This was a time-consuming process that resulted in slow resolution and errors.”
This past spring, the city realized how dire the situation was after recording more than 135 million attacks in April alone and a 200 percent increase in cyberattacks on Los Angeles over the previous year. “This is when we realized the enormity of the threat, its growing nature and how this project was direly needed,” Lee said.
The project -- the Integrated Security Operations Center -- is a centralized 24/7 monitored system that provides real-time cybersecurity situational awareness across all city departments. The ISOC also enables information sharing with the FBI and other states through the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The system has three primary elements:
- A Cybersecurity Posture Dashboard that provides stakeholders with a graphic representation of the city’s cybersecurity status.
- A Cyber Alert Indicator that displays real-time malicious cyberactivity on the city’s network.
- A Threat Intelligence Portal that allows city departments, external states (through MS-ISAC) and federal partners to share intelligence to speed and coordinate response.
The new ISOC has bolstered Los Angeles’ collaborative cyberdefenses and situational awareness. In May 2016 alone, the city blocked over 127,600,000 cyberattacks and identified and remediated 14,189 pieces of malware.
Suzette Lohmeyer is a freelance writer based in Arlington, Va.