One city fends off cyberespionage attacks, and collaboration is key
Connecting state and local government leaders
Seattle's collaboration with the FBI and a DHS fusion center helped thwart attacks from China, but that kind of information sharing doesn't happen enough, a new report says.
Back in March, a U.S. commission released a report saying that the Chinese military was likely targeting critical infrastructure and intellectual property in the United States.
“That came out on a Tuesday,” Michael Hamilton, CIO of the City of Seattle, said in a recent white paper by IID, an Internet detection and mitigation company. “By 10 o’clock that Tuesday morning, the FBI was standing on my desk holding a CD saying, ‘Here’s a whole bunch of indicators; don’t be talking to these addresses and watch out for these binaries and these tactics,’ etc.”
“And so we searched the city of Seattle and we found some hits,” Hamilton said in the report. Seattle’s IT department touches much of the city’s critical infrastructure, including utilities, communications, clean water and transportation. It also works closely with other nearby city and county IT departments, including Tacoma, Bellevue, and Kirkland.
Then Hamilton’s team took the CD to the Seattle fusion center. The analyst there “searched our regional monitoring system and was able to identify all of the contributing jurisdictions that had been in contact with those Chinese military addresses,” Hamilton said.
Among the findings was that 50 percent of the hits involved maritime ports, with others targeting universities and corporate networks — sure signs that infrastructure and intellectual property were being targeted. Hamilton’s office contacted the ports and affected organizations, which then had the opportunity to examine their systems.
The Seattle case is good example of the kind of information sharing and collaboration that cybersecurity leaders say is necessary to protecting U.S. networks, but which still faces some hurdles.
A primary means of collaboration is through fusion centers, the information sharing centers created under the guidance of the Homeland Security Department. The centers are designed to prevent and effectively address cyberterrorism by promoting information sharing at the federal level between agencies such as the FBI, CIA, Justice Department, U.S. military and state and local governments. Today there are 72 state- and locally-run fusion centers operating across the nation.
In addition to assets provided by the fusion centers, state governors have recommendations for improving cybersecurity in the form of a report released by the National Governors Association (NGA). The report suggests governors can improve their state’s cybersecurity posture by:
- Establishing a governance and authority structure for cybersecurity.
- Conducting risk assessments and allocate resources accordingly.
- Implementing continuous vulnerability threat monitoring practices.
- Ensuring compliance with current security methodologies and business disciplines; and create a culture of risk awareness.
The report was released in tandem with Michigan Gov. Rick Snyder’s briefing to Congress on governors’ efforts to protect against cyberattacks. Snyder and Maryland Gov. Martin O’Malley have led NGA’s Resource Center for State Cybersecurity (Resource Center) since October 2012.
Snyder also released an electronic dashboard designed to provide governors with an overview of their state’s cybersecurity environment and to assist them in implementing the paper’s recommendations. The dashboard currently is being pilot-tested in Michigan and Maryland in conjunction with the Multi-State Information Sharing & Analysis Center, according to a press release from NGA.
NSA chief Gen. Keith Alexander echoed the need for a collaborative approach to cybersecurity at the Billington Cybersecurity Summit last month, reported Anthony Freed of TripWire. Government agencies, the private sector and allied nations should all be sharing threat and vulnerability intelligence data, he said.
“We need the authority for us to share with them and them to share with us. But because some of that information is classified, we need a way to protect it,” Alexander said. “Right now, we can’t see what’s happening in real time. We’ve got to share it with them, and potentially with other countries.”
While DHS maintains a list of fusion center success stories, not everyone believes the centers are living up to their potential. A 2012 report from the U. S. Senate Permanent Subcommittee on Investigations on fusion centers found that they did not produce useful information to support federal counterterrorism intelligence efforts, wasted taxpayer money and trampled civil liberties.