Rhode Island’s Cyber Disruption Team Wants to Work with Businesses to Fend Off Hackers

The sharing of cyberintelligence between government security agencies and non-government entities is a new frontier — another progression — in the wave of intelligence-sharing that followed the terrorist attacks of September 2001

by Mark Reynolds, The Providence Journal, R.I. / August 23, 2016

(TNS) -- The cyberattack threatened to permanently encrypt a Rhode Island police department’s computer data. Years of arrest records were at risk of being lost forever.

At the time of the crisis, about two years ago, hackers were making great forward leaps in their use of "ransomware," which hackers use to lock down data before requesting ransom.

But in this case, the hackers were foiled by Rhode Island’s Cyber Disruption Team, a panel of more than 30 cyberexperts from law enforcement, academia and the private sector who work together to protect networks and defeat attackers. In short, someone on the disruption team knew how to write the necessary code to save the files and defeat the attack, says state police Capt. John Alfred.

Although Alfred won’t say too much more about the case, he stresses that it exemplifies the type of information-sharing that state police hope to cultivate on a much larger scale.

The sharing of cyberintelligence between government security agencies and non-government entities is a new frontier — another progression — in the wave of intelligence-sharing that followed the terrorist attacks of September 2001, says the superintendent of the Rhode Island State Police, Col. Steven G. O’Donnell.

"Twenty five years ago, the number one priority was... La Cosa Nostra for the state police detective bureau... the No. 1 priority for the state police in 2016 is cyber," O'Donnell says.

After 9/11, the coordination focused on getting government agencies on the same page. Now, says O’Donnell, state police are working to develop stronger ties with companies, universities and others who are heavily invested in efforts to protect networks from cyberattack.

"They get information all the time about their own... cyberthreats and all the hacking that goes on within their business structures," O’Donnell says. "...The information that we look at from a law enforcement perspective may be really helpful to them and the information they can provide us can be very helpful to us."

Last spring, O’Donnell combined the state police computer crimes unit and the fusion center, a state police-run intelligence-sharing entity.

The computer crimes unit, previously part of the organization’s detective unit, had formed about 10 years ago, with its responsibilities and workload growing ever since.

The fusion center had evolved from a post-9/11 entity focused on sharing of homeland security-related intelligence to an entity that handled analysis and exchange of information regarding all sorts of criminal matters beyond terrorism.

In late April, both units were put under the command of Alfred.

And in June, state lawmakers allocated funding to hire three civilian staffers to join Alfred’s team.

O’Donnell says the changes should help state police expand on the previous efforts of the Cyber Disruption Team and increase outreach.

- Some businesses and other entities can benefit from public education campaigns designed to spread the word about the best ways to guard computer networks, according to Alfred.

In May, for example, members of the Cyber Disruption Team gave presentations about securing cyber assets to the representatives of 32 Rhode Island cities and towns.

"Eighty-five percent of computer problems can be stopped by having proper computer hygiene," Alfred says

Some non-government entities, who have much to lose in a cyberattack, already staff their own teams of highly skilled specialists.

Some of these specialists have the necessary expertise and government security clearances to work quite closely with Alfred’s team. This can make it possible for their companies to benefit from the latest intelligence on cyberthreats, which course through a secure portal in the fusion center.

Such sharing is already happening, just not on the scale that O'Donnell hopes to see in the near future.

He envisions a specialist from a large company such as Raytheon working closely with Alfred’s team, perhaps even keeping a desk at state police headquarters in Scituate.

"If you can prevent a $2-million loss, why wouldn’t you do that?" O’Donnell says. "If that means you have to pony somebody up two days a week, I’m going to do that if I’m a CEO."

"If we’re all talking to each other on a daily basis or bi-daily basis or weekly and we’re all on a task force together, much more information is shared," he says.

Already, members of the Cyber Disruption Team, including representatives of companies such as National Grid, CVS, Lifespan, some banks and universities, meet on a monthly basis, Alfred says.

O’Donnell says he can’t give a more comprehensive list without seeking permission from the participants.

Tim Horan, president of National Grid Rhode Island, said the utility company has a team of specialists who have the right skills and tools to look after cybersecurity.

These specialists, said Horan, can increase their collaboration with state police and the cyber disruption team if that’s called for. Such networking, he says, "is the right thing to do."

"It’s an area that’s changing every day," Horan said. "What we’re doing now and what’s affecting us a year from now will be different."

"The bottom line is the attacks are out there," he said. "They are increasing. They are getting more sophisticated."

©2016 The Providence Journal (Providence, R.I.) Distributed by Tribune Content Agency, LLC.