Electricity. Water. Law enforcement. These are services companies and individuals expect to receive from municipal governments. The City of Los Angeles is adding another service to the list: cybersecurity intelligence. And some think the project by the City of Angels could be the model for other US cities to emulate in expanding the services they offer to their own citizens.
Since August 2017, the LA Cyber Lab has been providing cybersecurity assistance to small and midsize businesses in the city. By sharing threat information and providing training opportunities, the Cyber Lab has tried to provide smaller organizations with some of the cybersecurity advantages that larger organizations can afford.
In the first two years of the Lab's operation, it built a standardized platform for accepting information from participating organizations and automating threat analysis reporting to those companies. Hundreds of organizations have participated in the program that Los Angeles Mayor Eric Garcetti, who chairs the Lab's board of advisers, has said is critical for addressing cybersecurity with the appropriate sense of urgency.
Now the Cyber Lab has expanded its capabilities and mission with the introduction of a mobile platform that can be accessed by businesses and individuals.
"We've got a mobile platform that citizens can log onto, can become members [of the LA Cyber Lab], and ultimately do things like submit pieces of mail that might be suspicious and then actually get information back that typically would only be shared more in a corporate setting," says Wendi Whitmore, vice president of X-Force Threat Intelligence at IBM Security.
IBM Security is a partner in the Cyber Lab. While there is obviously a financial relationship, Whitmore says each enjoys side benefits from IBM's participation in other ways. IBM Security provides the analytical platform the lab uses for generating its reports, and Whitmore says the data from Cyber Lab clients enhances the global data set X-Force analysts use in their work.
For the past two years, clients have been able to share internal company data — like login data, internal Web traffic, and user account activity — with the Cyber Lab. In the workflow until last month, Lab analysts would then review the shared data, looking for various indicators of compromise, such as data that shows a compromised user account or phishing links in email messages.
Notice of a compromise would then be sent in an email message — one of a series of email messages sent approximately five times a week. With the new mobile and Web-based system, messages can be forwarded via an app to the lab, which will then notify the client of compromise via the app within a few hours.
All of the analysis and threat indication is provided at no cost to businesses in Los Angeles. In conversations at Black Hat USA 2019, lab management stressed that the lab and its free nature is a recognition of the importance of small businesses in the economy of the city. And that importance is not limited to Los Angeles.
"I think the goal for everyone in this project is it really becomes a great example and a benchmark for other cities to learn from and take on," Whitmore says. While there are other municipal cybersecurity programs, like New York City's Cyber NYC, most of these focus on growing the local cybersecurity industry and workforce, not protecting local small businesses.
As threats like ransomware become more devastating for small businesses and small government units, other governments may well look to Los Angeles as a model. The real question may be which governments can afford to offer this particular service to their citizens — and which groups of citizens are willing to pay for the service through their taxes.