Insights From a Distinguished Law Enforcement Veteran

December 16, 2019 • Monica Todros

Our guest this week is Edward Davis. He’s president and CEO of The Edward Davis Company, a business strategy and security services firm, but he is perhaps best known for his role as former police commissioner for the city of Boston — a role he had during the tragic Boston Marathon bombing in 2013. In the aftermath of that event, he was the face of the city, as his team coordinated and collaborated with other local and national law enforcement agencies.

We discuss his experience with the Boston Marathon bombing, get his insights on law enforcement in the age of ransomware, and hear his thoughts on the role of threat intelligence. Joining this episode’s conversation is Recorded Future’s Allan Liska.

This podcast was produced in partnership with the CyberWire.

For those of you who’d prefer to read, here’s the transcript:

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone, and welcome to episode 138 of the Recorded Future podcast. I’m Dave Bittner from the CyberWire.

Our guest this week is Edward Davis. He’s president and CEO of The Edward Davis Company, a business strategy and security services firm, but he is perhaps best known for his role as former police commissioner of the City of Boston, including during the tragic Boston Marathon bombing in 2013. In the aftermath of that event, he was the face of the city as his team coordinated and collaborated with other local and national law enforcement agencies.

We discuss his experience with the Boston Marathon bombing, we get his insights on law enforcement and the age of ransomware, and we’ll get his take on the role of threat intelligence. Joining me in the conversation this week is Recorded Future’s Allan Liska. Stay with us.

Ed, let’s start out by getting to know you a little bit. Can you take us through what has your career journey been like? How did you get your start, and what was the path that led you to where you are today?

Edward Davis:

Sure. I was a police officer in Lowell, Massachusetts. In 1980, I started as a patrol officer. I became a detective and worked sexual assault cases, and eventually started working organized crime and narcotics task forces with the DEA and the FBI and other agencies. I did that for about 10 years, and then I moved into a community policing role for a few months and then eventually was selected to be the police chief in Lowell, Massachusetts. I did that for 13 years, and then I moved on to the Boston Police Department where I was the commissioner there for seven years. I was there during the Boston Marathon, and then I did a fellowship at Harvard and ultimately started my own company in 2014.

Dave Bittner:

Well, before we dig into some of the questions I know that Allan has for you, I have to ask you about what it was like being on the job there when you had that Boston Marathon bombing. I mean, that must’ve been quite an experience.

Edward Davis:

It really was. It was a terrible tragedy for the victims and the families of the victims. You know, people died here in that attack, and the whole community was rocked by such a vicious and unwarranted strike at an event that is very community-oriented. So, it was a tough thing to handle. I’m very proud of the work that the men and women of the Boston Police Department did and our other partners in running these guys down and holding them accountable for this terrible attack.

Dave Bittner:

From a technology point of view, what goes into the work when you’re investigating something like that? I’m imagining things like security cameras, but there’s more to it than that.

Edward Davis:

Yes, there is. It starts off with communication, command, and control, making sure that you can rescue as many victims as you can, making sure that the scene is stabilized and preserved for evidence, and then urgently pursuing the people responsible.

In our particular case, cameras played an enormous role in what happened, and that’s evolved over the years. I remember when trace evidence and fingerprints was the most important thing that we dealt with at a crime scene. Now, it’s about collecting digital data and reviewing video and other possibilities for collecting evidence, like social media.

Dave Bittner:

Well, we’re fortunate to have Allan Liska with us today. Allan, you have some questions for Ed?

Allan Liska:

Yeah. First of all, again, I echo Dave’s comments that the work that you did and that your whole force did in Boston after the bombing was incredible and the whole country was obviously paying close attention to that and really impressed with everything that you and your team did.

Edward Davis:

Thank you both.

Allan Liska:

So, you were on the force for, it sounds like 30-plus years. Is that about right?

Edward Davis:

32 years, yep.

Allan Liska:

Obviously, you saw a big change in the evolution of the use of computers in what you’re doing, but then also the types of crimes that involved computers over that 32 years. Is that right?

Edward Davis:

Yes. I started doing my work on an Underwood typewriter, so I watched the whole evolution.

Allan Liska:

That’s pretty impressive. What do you think as far as the use of computers, how has that helped and how has that made things easier or better for law enforcement in general?

Edward Davis:

Well, the benefits are enormous. Starting with our initial point of contact in an emergency situation, which is the 911 systems. We’ve moved from a simple 911 to e-911 where we have the enhanced ability to identify locations not only on land lines, but also importantly and ever more importantly each year, on mobile phones. We can get the information and know exactly where people are calling from. We can dispatch help there even if we don’t establish any kind of voice contact.

And then, you know, moving on from compiling data that comes in there, having that data sent to analytical teams that we have in something called a fusion center, which is very extensive in police agencies across the country right now, where information and data is fused into a product that can help police officers on patrol and detectives who are identifying crime patterns.

And then, the whole issue of digital evidence. You know, we’ve got data-driven decision making, but we also have a lot of digital evidence that’s part of the evidence that needs to be presented at court. That needs to be preserved, there needs to be a chain of custody on that evidence. Our technical ability, technological ability, I should say, has gained enormous importance in the provision of justice in this country.

Allan Liska:

That’s really interesting. On the other side obviously, commensurate with your technical capabilities, you’ve also seen a growth in the technical capabilities of the bad guys. How broadly are the local police involved in cybercrime activities?

Edward Davis:

Well, for a while that tended to be the purview of the FBI when we had a case that came in, largely because we couldn’t really establish the location of the bad guy. We use that jurisdictional argument to flip it up to the feds. But, as time has gone on and the cases have become so common, more and more police departments are developing an expertise and having people assigned to cyber investigations, particularly in partnership with the Secret Service. So, in Boston we have five or six officers that are assigned, I shouldn’t say officers, they are detectives, that are assigned to the Secret Service task force who handle these cases for us.

Dave Bittner:

You know, Edward, it strikes me that along with the growth in this technology and the tools that are available to you in law enforcement also comes a responsibility to respect people’s privacy, to respect their constitutional rights and those sorts of things. What have you experienced over your career in terms of the complexity of guarding that responsibility?

Edward Davis:

That’s a huge responsibility the police departments have, really in every component of what they do, from taking people into custody, which we do almost every, well, every day, frankly, making sure that evidence is presented in a constitutional and appropriate way to a court of competent jurisdiction in these cases. It’s our basic responsibility as a police official, and the digital challenge makes this even more complex.

We found out that over time, that before you do anything in the technology arena, you really have to have conversations with the community. These things have to be transparent. They have to be published and noticed to the community before you do something, and that requires a debate, a presentation, and consultation with organizations like the ACLU so that we can get everybody’s perspective on what should happen and try to deliver the best protection we can to the community, while protecting people’s rights.

Dave Bittner:

Allan, you want to follow up?

Allan Liska:

Right, that balance is really important between making sure that you’re tracking the cybercriminals but also protecting the rights of people, absolutely.

I want to move into the topic of ransomware, and there are really two sides to this conversation. Obviously, as a cybercrime itself, sometimes the police are called on to help investigate, but then also police forces themselves have been targeted by ransomware, so I do want to start on the investigative side first. We often hear when an organization gets hit with ransomware that they’ll reach out to the FBI, but often local police are actually equipped to handle these kinds of investigations as well. How often did the Boston police force get involved in investigating ransomware attacks?

Edward Davis:

I can tell you that it’s a fairly frequent responsibility right now, but that’s evolved over the years. I’ve been out of the position for six years. We had a bit of a presence in that arena six years ago, but I sent some of the first officers to the Secret Service school to study ransomware attacks and other cyberattacks, and those units are growing not only in the Boston Police Department but throughout the nation. So, as each year goes by, the responsibility for investigating these things becomes more and more part of the local duty and responsibility, and we partner with federal agencies when the cases get complicated.

Dave Bittner:

So Ed, bring us up to date on your day-to-day these days. What sort of things are you working on?

Edward Davis:

Well, I have a security consulting firm. We do cyber investigations, we do physical assessments, dealing with things like active shooter situations. We have a wide range of responsibilities. I’m very lucky to work with Admiral Mike Brown, who used to set up the DHS Cyber Command and the Admiral runs that section of my office. Because of that, we get phone calls from companies all the time about ransomware attacks, other cyber incursions, people that have problems with their perimeter defenses, but also with internal actors. We all know that the great majority of attacks, successful attacks are as a result of malicious links, and so training the people while increasing defenses on the perimeter is really a big part of what we do nowadays.

Dave Bittner:

Let me get your take on threat intelligence and the part that you think it plays in people’s defenses.

Edward Davis:

Threat intelligence is critical. We could not do any investigation or securing of premises, either physical or cyber, without understanding the threat vectors. And so, no matter where we’re working, intelligence is extremely important. We do a lot of protection of news outlets, national companies that unfortunately are subjected to threatening emails and text messages and phone calls, but to properly analyze those incidents, you really need to understand the system where these things are coming from. You have to look at open source information. You also have to mine the dark web, and we’ve done that extensively in our investigations, especially with some of the biggest media outlets in the country. We spend a lot of time working on those cases. They’re very complex, but we have been very successful, in one case, working with the FBI to arrest a man on the west coast who was heavily armed. So, these are real threats. The convergence of physical security and cybersecurity is something that we work with every single day.

Allan Liska:

We’ve talked about the work you’ve done with helping citizens, but unfortunately police departments themselves are under attack, either directly being hit with ransomware or indirectly because somebody in a town got hit and the cybercriminal jumped from the town network to the police network and was able to do encryption. What are police forces doing to combat ransomware attacks internally?

Edward Davis:

Well, this is a very complex problem, and my former colleagues, I met with many of them in Chicago just last month, they were extremely concerned about this problem that’s been cropping up around the country. Atlanta is one example, Baltimore. There’s been an enormous number of small- to medium-sized police departments that have been hit for very, relatively small amounts of money.

So, in the Baltimore case, the ransom was over $100,000, but in most of the cases that we deal with in the smaller towns, the attacker has asked for $500 or $1,000, and quite frankly, it becomes a cost benefit analysis whether you try to pursue these people, and as distasteful as it is to deal with them, in a lot of cases you end up paying the ransom.

And, here’s the reason. These are critical operations. People’s lives hang in the balance when a 911 system goes down, for instance, or when an attacker has secured control of things like digital photographs or other digital evidence that’s needed to prosecute cases. If you don’t get that back, you’re going to lose cases in court. People who are victims are not going to receive the satisfaction of the criminal justice system. It’s an enormous liability that really affects not only public safety, but also the provision of justice.

Allan Liska:

That’s a really important point that I think a lot of people don’t understand. It’s really easy if you’re external to the situation to say, “We’ll never pay the ransom,” and of course that’s always the best advice when possible. But, if you are in a situation where a criminal may walk because that evidence has been encrypted and you no longer have access to it, that’s potentially a huge problem and that changes, as you say, the cost benefit analysis. That’s got to be a tough problem for police departments to wrestle with.

Edward Davis:

It certainly is, and many of my colleagues have simply, with a bad taste in their mouth, they’ve paid the ransom because the stakes are so high. You know, the other thing that you have to be aware of is that if you’re storing digital evidence on a system that’s been hacked, all of the evidence now is in question. Things like the chain of custody that is a requirement before we can put any information before a jury, that can be adversely affected. Files can be corrupted. Photographs can be amended. It’s just, the scope of the problem is mind boggling.

Dave Bittner:

I want to wrap up with you both. Ed, I’d like to know from your perspective and all your experience with being in law enforcement, do you find that there are some common misperceptions that folks have when it comes to their interactions or their perspectives with people like you who are in law enforcement?

Edward Davis:

Yeah. Well, especially in this area, people don’t know who to call when something like this happens. They know that there’s been an incident. Sometimes they call their best computer expert to take a look at it. But, if you’re dealing with the loss of financial resources, the loss of personal information, if you’re being held ransom for something that you control, these are criminal acts and the best thing that you can do is call the police. This is happening more and more throughout the country. This is not a shock to police when they get this call. If they can help you, they will. If they can’t help you, they should be able to direct you to places that can try to put you back on your feet.

Dave Bittner:

Our thanks to Edward Davis for joining us, and thanks to Recorded Future’s Allan Liska for helping me with the questions this week.

Don’t forget to sign up for the Recorded Future Cyber Daily email, where every day you’ll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

We hope you’ve enjoyed the show and that you’ll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast production team includes Coordinating Producer Monica Todros, Executive Producer Greg Barrette. The show is produced by the CyberWire, with Editor John Petrik, Executive Producer Peter Kilpe, and I’m Dave Bittner.

Thanks for listening.
