Online security breaches continue to be a serious and growing problem for public agencies. In April, the U.S. Department of Labor website was hacked, while just a couple of years ago, Anonymous wreaked havoc on San Francisco’s Bay Area Rapid Transit online portal, leaking contact information for various site subscribers.
In response to these types of attacks and more sophisticated threats, states and municipalities have sought to employ the latest cybersecurity software to protect their interests. But quite a few have gone a step beyond that, creating dedicated cybersecurity operations centers and task forces to respond to and prepare for digital threats.
New Jersey is one of the most recent examples. The state launched the Cyber Fusion Cell as a part of its Regional Operation Intelligence Center in January. The intelligence center interfaces with the state’s law enforcement community by being a primary point of contact for collection, analysis and dissemination of intelligence data.
The Cyber Fusion Cell takes those efforts further by improving New Jersey’s ability to share information on cyberthreats by collaborating with key public- and private-sector entities.
The unit is made up of two parts. The first half consists of New Jersey staff members who monitor the state’s network infrastructure, computer systems and firewalls. The other element is a workgroup of high-level executives that meets to discuss intelligence and strategies to handle the latest cyberthreats.
New Jersey’s Cyber Fusion Cell isn’t unique, however. Similar entities exist in Washington state, Washington, D.C., and other large urban centers nationwide. For example, in the Pacific Northwest, regional jurisdictions have combined to launch the Public Regional Information Security Event Management System. Local governments there send security logs to the group, which watches for threats against the region’s digital landscape.
Back in New Jersey, officials are still ironing out the operational component of the Cyber Fusion Cell. Although trained specialists are available to handle a cyberevent if one occurs, state CIO Steve Emanuel says the state is adjusting its processes in the wake of two cyberattack drills conducted last year.
First, a one-day, state-run exercise enabled cybersecurity analysts to fine-tune their response capabilities. The second event was the FEMA 2012 National Level Exercise that focused on the nation’s response to a series of cyberevents. New Jersey is studying the experiences to devise more effective strategies to address digital attacks with the Cyber Fusion Cell.
“We were able to test when a simulated attack occurred and what steps were to be taken to address the threat and respond,” said John Essner, New Jersey’s chief information security officer. “And that allowed us to run procedures, identify gaps and hopefully correct those gaps over a period of time.”
Emanuel and Essner declined to name how many cybersecurity analysts are dedicated to the Cyber Fusion Cell, but New Jersey isn’t relying solely on state staff to protect its digital landscape. Emanuel added that he’s looking to use every resource possible, including the New Jersey State Police, additional government agencies and other groups.
If a cyberincident does occur, New Jersey usually receives information from its own systems or a third-party source, such as the U.S. Department of Homeland Security or the Multi-State Information Sharing and Analysis Center. Essner said that depending on the severity of the threat, the team immediately tries to respond to it while also implementing mitigation strategies and notifying key state government management personnel.
In addition, the state uses a tool called the Suspicious Activity Reporting System to bolster its effectiveness. The system protocols were initially set up so that citizens can alert the New Jersey Office of Homeland Security and Preparedness when they witness suspicious activity or items like an unattended bag in public places. But the state also has adopted the system for cybersecurity.
By using the same reporting process, both the New Jersey Office of Information Technology and law enforcement can be alerted to a cybersecurity concern.
“They can look at it from a response standpoint and be able to bring their analysts to try to collect as much detail about the incident so we can hopefully identify the source of the attack,” Essner said. “We are able to work with our partners in the federal agencies to hopefully correlate this information [in case] certain entities might be attempting to cripple or directly impact big business.”
The workgroup portion of the Cyber Fusion Cell spends its time coordinating business processes and designing response plans with local, state and federal law enforcement partners. Emanuel said high-level executives meet monthly to talk about and tackle cyberthreats they see now or expect to encounter in the future.
Funding is provided by a mix of sources. Although nothing is formalized yet, contributions to keep the fusion cell active come from the Office of Information Technology as well as other state departments and federal agencies. According to Emanuel, a long-term sustainability plan is on the group’s agenda and the members are aware they need to get to it soon.
For now, the program aims to stay flexible to address cyber-related issues as they arise.
“Cybersecurity has been more of a responsive activity, and in order to truly provide the long-term plan for cyberissues, we must find a way to cross that line to become more proactive,” Emanuel said.