You've seen it in the news... large government agencies compromised by cyber criminals. Agencies such as LAUSD, HACLA, City of Toronto, and many others are getting hacked by evolving groups of cyber threat actors. In the past few months, the City of Los Angeles has seen a 20x increase in attempts to compromise its systems and networks. The reason we are not in the news is the hardworking and talented ITA professionals who secure our city.
Today, our ITA Spotlight shines on a critical cyber defense group, the ITA Information Security Office - Integrated Security Operation Center (ITA-ISO ISOC). This team has been pivotal in identifying, mitigating, and coordinating the response to cybersecurity incidents, both their own and those at partners that may impact them. One of the primary missions of the ISOC is to work as an integration point for the various security teams throughout the City and to help them respond quickly and effectively.
In addition to helping create a more unified and standardized cybersecurity response, the ISOC has been critical in a number of citywide projects to help protect the City. Some of those projects include:
- Protecting City Websites - Attacks against City of Los Angeles websites have increased over 20x in the past few months. More importantly, a number of threat actors have been increasingly targeting City services such as the Los Angeles World Airport (LAWA) and the 311 call center. The ISOC team has been working closely with these groups to identify and mitigate these threats before they could take down these critical services.
- Connect2LACity - The ISOC team has been critical not only in quickly deploying the original remote access solution at the beginning of COVID, but also in helping maintain and run that solution, which is critical in these trying times, for over 24,000 employees across 42 departments.
- Endpoint Protection and Response - In light of ever-evolving cybersecurity threats, the ISOC team identified a number of potential deficiencies in the previous endpoint protection, or antivirus, solution that was widely deployed throughout the City. The ISOC has evaluated, tested, and deployed a number of solutions and identified the current endpoint protection standard that will help protect City users whether they work in the office or remotely.
- Cyber Watch List / Department Risk Portal - Each year there are over 22,000 new vulnerabilities in the various systems that the City of Los Angeles uses, each a potential target for cybersecurity attacks. Because of the overwhelming number of systems and vulnerabilities we face, the ISOC has created an easy-to-use metric system that lets each of the 42 departments quickly identify its overall vulnerability-related risk relative to the City average.
- Protecting Users on the Web - One of the primary ways a City of Los Angeles employee may be infected by malicious code or targeted by malicious actors is through the Internet. To help combat the constant threat to users who now work both on-site and remotely, the ISOC has tested and deployed a new cloud-based web proxy to replace their aging on-prem devices.
- Protecting Their Users through Email - Social engineering and phishing attacks, which malicious actors use to steal information from over 24,000 employees across 42 departments, have grown increasingly sophisticated in their methods and techniques. The ISOC stays ever vigilant in identifying and mitigating these attacks, which can bypass their current email security tools and filters. In addition, we have deployed an easy way for users to report emails in a couple of quick clicks and, for most emails, get a response with the initial analysis in under 5 minutes.