While many large cities have grown their cyber capabilities in recent years, some are also increasingly concerned with helping local businesses defend themselves from online threats. Historically, though, governments simply sharing threat information with members of their communities hasn’t necessarily resulted in better defenses, as small mom-and-pop operations typically lack the resources and knowledge to secure their data and devices.
But that’s been changing in Los Angeles in recent years, speakers said Tuesday during a CyberTalks session, thanks to the work of the three-year-old LA Cyber Lab, a nonprofit organization that provides cybersecurity assistance to small and mid-sized businesses in the greater Los Angeles area.
“In the past we’d share information with people who didn’t know what to do with it,” said Glenn Haddox, the chief information security officer for the Southern California Edison energy company and the president of LA Cyber Lab’s board of directors. “So it’d create anxiety. The bad guys share everything. We need to act as more of a team.”
LA Cyber Lab was founded in 2017 to serve as a vehicle for Los Angeles’ public and private sectors to collaborate on cybersecurity initiatives, including intelligence sharing and professional development. It grew last year when, with the backing of IBM, it added an online threat-intelligence platform and a mobile app designed to help businesses weed out phishing emails.
From the government’s perspective, said citywide CISO Timothy Lee, the lab has helped it get information out to the business community and build its partnerships with Los Angeles’ many colleges and universities.
“From the City of Los Angeles alone, we have a massive amount of data we handle, and that produces a lot of good threat intelligence,” Lee said during the event. “LA Cyber Lab is not just threat-intelligence sharing. It also plays a role as a bridge between business, academia and the public side.”
The effort hasn’t gone unnoticed at the federal level. David Stern, who leads partnerships with state, local, tribal and territorial governments at the Cybersecurity and Infrastructure Security Agency, said local programs like LA Cyber Lab can act as “force multipliers” for CISA’s distribution of intelligence to non-federal entities, which is often filtered through organizations like the Multi-State Information Sharing and Analysis Center.
He mentioned, for instance, a recent alert CISA put out warning state and local governments of a resurgence of Emotet, credential-stealing malware that’s frequently used as a precursor to ransomware attacks. While the alert went to state fusion centers through the MS-ISAC, Stern said, LA Cyber Lab was able to share relevant information with small businesses in six counties across Southern California.
“A lot of the information we share, the Cyber Lab is able to put a localized lens on it,” he said.