Cities within Cook County, Illinois, are banding together to confront cyberattacks with the launch of a Cyber Threat Intelligence Grid.
The grid is a shared aggregator of threat detection tool streams, designed by Anomali, and part of the county’s three-year initiative to deploy a threat detection service that can facilitate two-way communication between city and county staff.
The grid went live in October and is now active in seven cities. IT staff will gradually connect all of the county’s 134 cities, adding about five to 10 each month.
Creating an effective threat notification service was no small task, because it requires the grid to format alerts in a way that’s actionable for security specialists yet easily understandable for city and county analysts, said Cook County Chief Information Security Officer Ricardo Lafosse.
Lafosse works within the county Department of Homeland Security and Emergency Management’s (DHSEM) Information Security Office. He explained the idea had originally focused on developing a system internally, but after investigating potential solutions it was apparent that more could be done to expand the project’s impact.
“As we were building out the solution we realized there were other opportunities to share the threat intel that we are receiving and also creating with our local municipalities,” Lafosse said.
Another reason the county sought to widen the scope of the project was to alleviate some of the financial pressures on its smaller cities that — as is the case in many municipalities throughout the U.S. — can’t always afford the cost of cybersecurity solutions.
“So, we started a small pilot program to see how the feedback would be and how a smaller municipality would be able to benefit from it,” Lafosse said. “And we got very good responses from the initial pilot.”
Cities expressed a strong liking for the platform, which allowed them to create a city account and instantly gain access to the latest notifications, Lafosse said. What separated Anomali from the pack, he said, was its ability to integrate the intelligence grid into the county’s current information security tools and also its ability to be used between staff, jurisdictions and the county’s “power users” scanning for attacks.
The vendor also provides early detection tools to identify hacking attempts within an organization’s network, and it does this with a system that can process tens of millions of threat indicators against an organization’s network activity logs in real time, Lafosse said.
As more cities join the network, government leaders across the county will be able to use each other as resources to confront a diverse range of threats in real time. The responsiveness of the system and its ability to standardize data are its greatest assets, said James Frank, director of information technology in Berwyn, Illinois, in a press release.
“This partnership with Cook County and many other municipalities gives us a much better ability to rapidly pinpoint cyber threats and work together to neutralize them,” Frank said. “Ultimately, it provides direction toward a higher cybersecurity standard, allowing us to provide city residents and staff the best possible service.”
Lafosse said teamwork is especially helpful considering the region’s ample size and the variety of cyberattacks that target the county.
“We have threats ranging from your typical commodity malware to more sophisticated tech, it really varies and runs the gamut based on date, time and national events,” Lafosse said. “It’s really all over the place.”