More than two decades after 9/11, retired NYPD Intelligence Bureau Ltn. Gus Rodriguez says he believes our nation is facing another existential threat with similar challenges.
CHDS alum Rodriguez (Master’s Program cohort 0905/0906), who worked for years on the FBI New York Cyber Task Force, said while serving as an expert panelist during the October CHDS Alumni Hour that the challenge of cyber attacks on critical infrastructure requires cooperation and coordination among government agencies at all levels to prepare for and prevent major damage.
“With cyber we are where counter-terrorism was (on 9/11),” he said during the online event. “Here we are again 21 Septembers later and we have this [cyber] problem. It’s the intersection of public safety and technology.”
Titled “Protecting Cyber and Preventing Ransomware in Government,” the Alumni Hour event held on Thursday, Oct. 20 featured an expert panel that included CHDS instructor and alum Bijan Karimi (Master’s Program cohort 1401/1402) serving as moderator along with fellow CHDS alums Department of Homeland Security Cybersecurity and Infrastructure Agency Deputy Director Nitin Natarajan (Master’s Program cohort 0601/0602), U.S. Secret Service Special Agent in Charge of the San Francisco Field Office, Shawn Bradstreet (Master’s Program cohort 1803/1804), and Rodriguez.
The event held via Zoom focused on the growing threat of ransomware to local, state and federal governments, and the criticality for all public agencies to protect their infrastructure.
The takeaway? The value of partnerships aimed at sharing information among law enforcement agencies, the intelligence community, and the private sector regarding the tactics, techniques, and procedures used by criminal organizations to launch cyber attacks against government and critical infrastructure.
“Cyber is not [just] an IT problem, it’s everyone’s problem,” Karimi, who also works as Assistant Vice President for Business Continuity at the Federal Reserve Bank of San Francisco, said during the event’s introduction. “The first line of defense is all of you.
“We’re only as strong as the weakest link.”
During the hourlong discussion, the panel addressed a number of topics ranging from the ever-evolving cyber crime threat landscape to what government agencies are doing about it and what comes next.
Natarajan pointed out that infrastructure and cyber are now more intertwined than ever and cyber criminal organizations are the major threat, and in response the goal is trying to change awareness about the threat landscape through education, and working with partners to convey the best prevention and mitigation guidance.
He added that a more convincing argument has to be made to state, local, and tribal agencies on the importance of investment in cyber security, and that the focus should be on “target-rich and resource-poor” areas because such investment “helps cyber resilience across the nation.”
“The days of battling over budgets have to be over,” Natarajan said. “The days of keeping cyber in a separate bubble need to be over.”
Rodriguez said there needs to be an understanding of the importance of cyber responders as first responders, adding, “When we start calling digital (staff) first responders we’ll start looking at (the issue) differently.”
Bradstreet noted that all government agencies regardless of size have access to cyber training and assistance through the National Cyber Investigative Joint Task Force, which includes more than 20 partnering agencies from law enforcement, the intelligence community, and the Department of Defense, and is responsible for coordinating cyber threat investigations.
Natarajan said the goal is to get as much intelligence on cyber threats out as possible so agencies and organizations can take action.
During an active chat session, one participant suggested current mitigation efforts are focused “downstream” and asked what efforts are being made “upstream,” including efforts to “close gaps and seams industry creates as they rush products to market without better security.”
Another participant asked how best to “leverage the Intelligence Communities’ indications and warnings, classified reporting and analysis, and threat assessments to inform industry and [the] private sector,” adding that, “We ask industry/private sector to provide [the] U.S. Government with information on attacks, penetrations, vulnerabilities, but the reverse information flow from the US government and intelligence community makes it very difficult to advise, warn, and notify [the] private sector of emerging threats.”
Before the event, CHDS Strategic Communications Director Heather Hollingsworth Issvoran announced that the Nov. 10 Alumni Hour would focus on mental stress, and that next year’s Alumni Professional Exchange event would be held Feb. 21-23 and has issued a call for presentations. She also noted the Dec. 1 deadline for applying to the CHDS Master’s and Emergence programs.