City

Big-city CISOs form cyberdefense group

The Coalition of City CISOs launched this month to help cities cybersecurity chiefs collaborate and get the attention of their political leaders.

By Benjamin Freed

October 22, 2020

(Getty Images)

A group of big-city chief information security officers recently formed an organization to help each other, and the jurisdictions they serve, collaborate on sharing threat intelligence, improving cyber defenses and educating their constituents about online risks.

The Coalition of City CISOs was born out of a lunch between San Francisco’s Michael Makstman and Boston’s Greg McCarthy during the 2019 RSA conference, Makstman said Thursday during a CyberTalks session. A larger group of citywide CISOs coalesced at this year’s RSA event, and the group met for the first time Oct. 14.

“We found so much in common,” Makstman said. “We want to have others in that conversation.”

In addition to Makstman and McCarthy, the new association’s founding members include the CISOs from Dallas, Detroit, Los Angeles and Seattle, Makstman said. Though little-known to the public, information security officials can be hugely influential in how city governments interact with their residents, especially at a time when local governments are routinely targeted by threats like ransomware, McCarthy said.

“With the majority of citizens living in cities, we have a real direct impact on our constituents,” McCarthy said. “We’ve seen how devastating a cyber disruption can be to government operations and the constituents they serve.”

Makstman said the group is focused on three audiences: peers, politicians and the public, noting that many elected officials are becoming more attentive of cybersecurity matters.

“They’ve seen Atlanta, they’ve seen Baltimore, they’ve seen New Orleans, and they don’t want to be in the same boat,” Makstman said. “Our job is to support them and educate them, and tell them how they can support us.”

But Dallas CISO Brian Gardner admitted it can still be hard to break through.

“The CIO said to me one day ‘we don’t really talk about cybersecurity,'” Gardner said. “That’s something we need to be elevating to the politicians, mayors, city councils. It may be quiet right now but we need to prepare, we need funding, we need to allocate all those resources to get what we need to be in a good place.”

Still, the nascent effort is growing, the CISOs said, and has yielded results on the intel-sharing front. McCarthy credited the involvement of Los Angeles CISO Timothy Lee — and the nonprofit LA Cyber Lab — with sharing information about threats against police departments during the summer protests against police violence and racial injustice.

The coalition’s also been noticed by federal cybersecurity officials, drawing praise during a Tuesday CyberTalks session from David Stern, who leads state, local, tribal and territorial outreach at the Cybersecurity and Infrastructure Security Agency.

“We figure there’s strength in numbers, so it’s really important we come together as a group,” McCarthy said Thursday.