2021 Government Innovation Awards
Cyber Risk Portal consolidates LA’s vulnerability data
Half of the 40 departments and 18 offices for elected officials in Los Angeles have their own digital services beyond what is provided by the central Information Technology Agency, creating a vast set of IT assets that are susceptible to cyberattack.
To make it easier to manage risk and give IT departments and city leaders a way to quickly identify, prioritize and remediate the growing number of vulnerabilities, the city created the Cyber Risk Portal. The solution consolidates vulnerability scan results from multiple sources, identifies the most critical ones and recommends fixes. It also compiles an easy-to-read cyber risk score for each IT asset and department, which ITA’s Information Security Office sends monthly to department executives and IT directors.
The portal merges threat data from city departments and external partners, including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which also provides weekly vulnerability scans. The normalized vulnerability data is then correlated to IT asset records maintained by the city’s IT departments in an enterprise IT service management system.
When the pandemic hit, the city transitioned from 200 remote workers to 18,000 in 11 days, and many departments scrambled to deploy new public-facing, online citizen services. Preparations to launch the Cyber Risk Portal went into overdrive, and it was deployed in the latter half of 2020. By January 2021, the Los Angeles CIO kicked off the monthly distribution of cyber risk scorecards to department executives.
In just six months, the number of department vulnerabilities decreased by 10%, and vulnerabilities have been resolved 30% faster — a key metric for limiting cyber risk. Armed with a clear understanding of cybersecurity risks, the city’s IT staff and executive leaders can better identify priorities for remediation and investment.
The success of the Cyber Risk Portal proves that innovation can produce a simple, effective, human-centered solution to cybersecurity challenges.
Connect with the GCN staff on Twitter @GCNtech.