A new unit at the Center for Internet Security is focused on merging cyber and physical security to aid governments in dealing with emerging threats, security experts Will Pelgrin and Rich Licht say.
The new unit, known as the Integrated Intelligence Center, takes an integrated approach and facilitates trusted relationships between the government private-sector entities to develop and disseminate critical information, says Pelgrin, founder and chief executive officer at the CIS.
The goal, according to Licht, executive director for the Integrated Intelligence Center, is to leverage the information CIS has through the Multi-State Information Sharing and Analysis Center and couple that with the information provided by participating partners to offer actionable intelligence products.
"There's a lot of information out there," Pelgrin says in an interview with Information Security Media Group [transcript below]. "Let's put it in a way that's very useful, because sometimes too much information doesn't allow it to move into that action step."
No longer can physical and cybersecurity be looked at separately, Licht says, since an attack on an organization's systems can cause physical infrastructure to fail.
"We want to be in a position to have a warning," Licht says. "Being able to sound a warning and being able to do that with a degree of efficiency ... allows people to put their resources in the right place at the right time."
In the interview, Pelgrin and Licht discuss the:
- Evolution of the merging of cybersecurity and physical security;
- Importance of creating the Integrated Intelligence Center;
- Leveraging of information from the Multi-State Information Sharing and Analysis Center, another Center for Internet Security division, to help the new unit provide analysis and actions to defend against threats.
Pelgrin is the former top IT security executive for the state of New York and founded MS-ISAC, which was incorporated into the not-for-profit Center for Internet Security. Before joining the Center for Internet Security, Licht served for six years as the assistant special agent in charge of the FBI's Albany, N.Y., division.
Integrated Intelligence Center
ERIC CHABROW: Tell us about the Integrated Intelligence Center and how it came about?
WILL PELGRIN: We're really excited about this new program. It takes what we've been doing for the last three or four years and brings it into a more formalized process. As you know, everything that we do [from] the very beginning has been about collaboration and cooperation. We've got great partners out there from the state, local, territorial and tribal governments, the law enforcement community, as well as the private sector, on how we can improve the cybersecurity posture in this country.
One of the things we all have realized now is that you really can't separate the physical side of the house from the cyber side and that those two domains really are integrated in a way that you need to understand the threat complexes that each face in order to be as secure as you can be.
Back in 2009 with Rich Licht when he was with the FBI in Albany, we started with the New York State Police, meeting on a monthly basis on how we'd look at threat information in a more comprehensive way, meaning talking about risk and threats out there not just to share information, but how we could make that into an action statement. How can we move forward from just pure sharing of information to a real tactical approach? What can I do to better secure my environment or to mitigate something that may be going on?
We work very closely with our partners in that arena to improve the cybersecurity posture for not only New York, but for the country as well. We did that also with the New York State Office of Cybersecurity. Our goal was to be as inclusive as possible. We would have as many individuals as we could in a trusted environment to share that information, and we went from a very ad-hoc process which was when there was an incident, to a semi-formal process which was meeting every month, to a little bit more formal process where a lot of these individuals were part-time with us, to now a formalized approach through this Integrated Intelligence Center. I can't tell you how thrilled I am to have Rich Licht heading up this for us at the Center for Internet Security.
It really takes this integrated approach and it facilitates that trusted relationship that we have with both the government and the private sector-entities to develop and disseminate critical, comprehensive information that will help the security posture for all those involved. We look forward to working with our partners. In particular, the Department of Homeland Security at the federal level and the FBI have really come to the floor in helping us build this Integrated Intelligence Center in a way that will be very useful to a community such as our homeland security advisers as well as to the fusion centers around the country, as well as within New York State.
How the Center Operates
CHABROW: Rich, why don't you tell us a little bit about how the center operates?
RICH LICHT: It's still being stood up. We've been at it since mid-December, putting pen to paper and trying to formalize what that will look like. We're establishing a customer base across state and local fusion centers and homeland security advisers. I was just at a conference and they're clearly interested in having somebody facilitate the integration of the physical and cyber side and the intelligence that lives in both, trying to give as quick and actionable a picture as we can to the information that's out there for the benefit of all the partners. Our mission statement says that we're going to facilitate trusted relationships with government and private-sector entities and develop and disseminate comprehensive and coordinated intelligence products. That's really the essence of what we're going to do. Leverage the information that CIS has here through MS-ISAC and couple that with our other partners and provide an analytical overlay to that, and create some actionable goal intelligence products that can be used by all of our partners.
CHABROW: Do you know when all of this will formally be available?
LICHT: We're putting people in place right now. We've hired one intelligence analyst with a robust cyber intelligence background. We're going to look to hire several more and I think sometime in the next two or three months we hope to have something that's a deliverable for people to be able to take hold of and use in their day-to-day business processes.
PELGRIN: One of the things that we want to do is work with our partners out there to develop those products that really serve their need. There's a lot of information out there. Let's put it in a way that's very useful, because sometimes too much information doesn't allow it to move into that action step. Rich and I have been working very closely with the communities that we want to have as our first line of partnerships out there, and produce those that really have value for them in order for them to do their job better.
Connecting Physical and Cybersecurity
CHABROW: Walk me through an example of where the connection between physical and cybersecurity exists. What kind of service would you get out of your organization?
PELGRIN: There's the example that I always give and I think it resonates well. As a country we've moved beyond this, so let me just state that everyone at the federal, state and local levels has really done a tremendous job moving forward in both the cyber and the physical arena, improving our security posture.
But the example that I normally give that I think resonates well is that, while we look at bridges as just a physical structure, those bridges, if they're either destroyed or incapacitated, even from a traditional threat-based analysis, one of the things that needs to be recognized is sometimes there are telecommunications that run underneath those bridges and that there's also a cyber consequence. As we all know from the horrific event on 9/11, when that tragedy occurred and when those buildings came down, so did part of our infrastructure as well as our telecommunications. We lost a number of connectivities that day. That was when the change happened to me, when I recognized from my perspective and I'm sure others much earlier than I did that the relationship from physical to cyber can't be unwound. We really need to understand both so that as we look at this, we're looking at it in as comprehensive a way as possible to have the most accurate situation awareness that we can have at the time to make appropriate decisions that we make.
CHABROW: The type of attack that occurred on 9/11, or the example with bridges, deals sort of with the physical infrastructure part of cybersecurity - the cables and things like that. How about other types of cyber threats, where we're talking about people getting into systems that can also perhaps threaten physical?
LICHT: We speak about CIKR - critical infrastructures/key resources - and look at how many of those are Internet-facing and the SCADA systems that manage and are used to manage those systems. There's an entire ocean of things out there that are configured that way that are subject and vulnerable to intrusion attack, manipulation and data corruption, which causes a lot of our physical things to fail. As we look at those, we want to be in a position to have a warning. Being able to sound a warning and being able to do that with a degree of efficiency and economy allows people to put their resources in the right place at the right time to prevent those types of things from happening.
Cyber/Physical: The New Norm
CHABROW: There are people who say you can't have cyber war without kinetic war. I don't want to talk about cyber war, but the point being, there's some kind of connection between the two. As we evaluate vulnerabilities and as we evaluate threats, are we getting to a point where you really can't just focus on physical or cyber?
LICHT: If I think I understand your question, the interview that you just recently did with the program manager for the Information Sharing Environment, Kshemendra Paul, where he said there's such an integration of the two, he suggested and at some level we have to agree that you can't separate the two and that there are consequences from problems with both, specifically with cyber as we become more cyber-dependent.
PELGRIN: If you do try to separate the two, what happens is that you have a partial response and you may not see the entire picture either from a response perspective or a mitigation perspective, or even a deterrence to be able to prevent it from happening in the first place. If there's a particular threat, we need to think holistically about what that threat could mean and then make a determination as to what response actions we're going to take. Ignoring one is no longer feasible. We need to ensure that both are at the table and both sides are considered, regardless of what that threat is.
CHABROW: Correct me if I'm wrong, but the organization that you headed up in New York dealt with cyber and physical security.
PELGRIN: My office was the Office of Cybersecurity but we were within the Department of Homeland Security so the relationship between physical and cyber were very much tied together, so yes you're correct. I had a seat at the table in order to bring that voice forward from cyber, but at the same time the physical side was being heard as well. New York and the government are very proactive in ensuring that those two areas are very much heard together and not separated.
New Skills Sets
CHABROW: Are there new skills that will be needed to have professionals deal with cyber and physical together?
PELGRIN: When you think about the skill set, that's a whole new webinar that we need to do. We lack a sufficient skill set globally. In this country, this is one of the areas that from the cyber side alone there's almost zero unemployment in that field. On the physical side, because it's a much more historic involvement, those skill sets are more readily available. We're doing everything possible to ensure that those skill sets are available across the board to address this new arena that we all face and the challenges in this domain. I think of the different domains you have - air, sea, and land. In this day and age they've all collapsed into one and you really can't separate them out. You need to look at it very differently than you did in the past.