Using Intelligence to Defend Two of the World’s Largest Cities

How do you protect the two most populous cities in the United States? New York City and Los Angeles have a combined population of over 12 million people and cover vast swaths of land. The differences between the two cities are well documented—cultural, weather, geography, etc.—but when it comes to securing the cities against threats the two cities are more alike than different. 

During Predict 21: The Intelligence Summit, hosted by Recorded Future, a discussion was held with Geoff Brown, Chief Information Security Officer for the City of New York, and Timothy Lee, Chief Information Security Officer for the City of Los Angeles. The session was moderated by Niloofar Razi Howe, an executive, investor, and entrepreneur who served as Chief Strategy Officer and Senior Vice President of Strategy and Operations at RSA.

To start the discussion both Brown and Lee kicked off with a description of the breadth of the threats they face, as well as the impact they have. 

“The vision for New York City is to be cyber resilient,” said Brown, articulating how the famous characteristic of the city carries through in their mission to protect its residents.  “We like to speak of our mission in two folds. One, we defend those services that New Yorkers rely on because those services are delivered through technology each and every day. And then two, we build and bring cybersecurity to New Yorkers themselves.”

Lee also revealed that Los Angeles has its own set of guiding principles for their security program and said it boils down to a simple motto: “We aggregate all security events into the central platform and then provide two things based on the very simple concept of the motto: know yourself and know your enemy.”

Razi Howe steered the discussion in the direction of the concept of knowing your enemy. “Who is the enemy, how broad is the threat landscape that you each face and how do you bring together the various categories of harm—not just cyber, but the physical, the logical, the geopolitical in a way that improves the security of the city and fulfills the mission?” she asked. 

“We have law enforcement entities, health services, response entities, sanitation entities, water utilities. The most interesting thing to your question about your adversaries is on behalf of a municipality. We have every enterprise,” Brown said. “We're in charge of defending each and every one of those. So as you contemplate your adversaries, the municipality you live in probably is an attractive target to every single one of them. So we have to understand each type and then apply that intelligence into our defenses.”

Lee agreed and offered the City of Los Angeles’ perspective. “For L.A., the threat landscape is very similar to New York and very broad. One of the things that is essential for today's security operation is cyber threat intelligence. We rely heavily on that to identify who the attackers are and what and their methods.”

Intelligence was a key topic for the discussion. Namely, what is intelligence? How do you gather it, disseminate its importance, and then use it to achieve your mission?

“Intelligence in many ways is all the different ways that you collect information, you analyze that information, how you produce it, insight it offers and then more. How do you take action, right? When you think about the municipalities, the cybersecurity mission is, of course, perhaps most interested in those pieces of information that are germane to enriching defenses, reacting to vulnerabilities that are released from a technical perspective in the landscape, and then also trying to understand the geopolitical context that could incite an adversary of various disposition to hold your environment that you're protecting at risk,” Brown said.

Of course when you’re at the helm of protecting millions of people and the resources they rely on, how you build trusted relationships is a key concern. Collecting information, distributing it, and acting on it are all incredibly important questions when it comes to protecting constituents. 

Lee outlined how he views the City of Los Angeles’ responsibility to build trust. “Number one is you have to deliver what you promise. Second is: the quality of the service or quality of information that you provide has to be relevant to your audience. So we always try to collect the data from our constituents, but the key thing is you also need to provide the quality information back to them and relevant to them. So that it is actionable for them and benefits them.”

“As you're thinking about your intelligence mission and when it comes down to it, there is a lot of information out there. And the distilling of that information into something that is useful for decision support or useful to take defensive measures around is an important process,” said Brown. “If you are working on that process, to Tim's point, you might be a trusted partner because what you're providing people can make decisions around. People can enrich their defenses. But it's easy to get lost in the noise. You know, we talk in our industry a lot about signal versus noise. So creating the right tooling, having the right processes to understand your own environment, maybe producing your own information or intelligence, collecting everything that's happening externally and then distilling it to signal before sharing, I think is incredibly important in order to garner trust.”

To round out the discussion Razi Howe asked the panelists how they view the maturity of their intelligence programs. “How mature are we on this journey of having a true public private partnership. “Not just consuming threat intelligence, but, as you said, contributing back to the partnership and back to the ecosystem, where are we on this journey?”

“To me, I think that we are at the beginning level still sharing raw data and threat information. But there's a lot of room to grow. The good news is we are more aware of cooperative cyber defense—a must because our adversaries are coordinating so and you'll see recent attacks are coordinated. We need to collaborate and coordinate, and make a push to keep growing and improve our maturity on threat intelligence sharing,” said Lee.

Brown agreed and sees great potential for the intelligence community. “I think I would put it quite simply: we have the right ambitions as a community. We have the right ambitions. You look at that model that Tim has and they're actually cooperating and they're sharing information with New York City. We have similar capabilities. But where we're aiming, we hope, is to get more collaborative in how we're doing our defensive operations. And as we pursue maybe those correct ambitions now, we're starting to see that the entities that we need to sort of stand shoulder to shoulder with and then collaborate with are also being stood up. That's an encouraging future.” 

To watch the full session, as well as all of the other great sessions at Predict 21, click here.