
CISO Success Story: Training LA County Employees to Combat Phishing Threats


Navigating Cybersecurity in Los Angeles County: Insights from Chief Information Security Officer Jeff Aguilar

The recent ransomware attack on San Bernardino County’s sheriff’s department, which cost $1.1 million to resolve, highlights the growing threat of cyberattacks within the public sector. Jeff Aguilar, the Chief Information Security Officer (CISO) for Los Angeles County, is committed to averting such incidents across the 38 departments he oversees.

Since becoming the CISO in 2022, Aguilar has witnessed a significant surge in cyberattacks targeting governmental entities. According to recent statistics, cyberattacks against government agencies soared by 40% in the second quarter of 2023 compared to the same period in 2022. Although Los Angeles County has so far managed to avoid major breaches, Aguilar emphasizes that ongoing vigilance, proactive communication, and collaboration across departments are critical to maintaining this defense.

Aguilar, who has extensive experience in cybersecurity across various sectors including government, healthcare, and transportation, strongly advocates for the sharing of knowledge and resources among local and state agencies to combat these digital threats effectively. His approach reflects a belief that cooperation can significantly amplify each agency’s defensive capabilities.

(The following interview has been edited for clarity and length.)

The Organizational Structure of Cybersecurity in LA County

At first glance, LA County’s reporting structure – who reports to whom – seems, well, fairly complex.

We operate under a federated model where I report to the county Chief Information Officer (CIO). Each department functions as an independent entity with its own CIO and information security officer, responsible for implementing the cybersecurity policies set at the board level by my team. I manage two deputies, with plans to hire two additional staff members, and we categorize departments based on operational sectors like healthcare or law enforcement. This clustering allows us to set overarching cybersecurity standards while each department operates within these guidelines.

Addressing Local Breaches and Enhancing Cyber Resilience

Both the LA Unified School District and LA Housing Authority recently suffered data breaches. When you see those things so close to home, does it raise alarm bells for you?

Absolutely. Any organization dealing with sensitive data is exposed to potential attacks. I engage in regular discussions with other municipal CISOs, focusing on shared experiences and strategies that have proven effective. This continuous exchange of information fosters an environment of collaboration and transparency within government operations.

While I cannot delve into specific strategies, we prioritize engaging in thoughtful discussions related to policy development and incident response across the region.

Ensuring Compliance Across Departments

You oversee cybersecurity policy for departments with more than 100,000 employees. All it takes is one of those departments to go rogue for good planning to go sideways. How do you ensure compliance?

Managing compliance is indeed challenging. We undergo regular internal audits as a form of oversight; rather than seeing audits as burdensome, I view them as crucial for identifying any gaps in compliance with the established directives and standards. Our audits include detailed checklists ensuring each department adheres to internal policies, and we conduct these assessments multiple times a year. Occasionally, external audits from federal entities provide an additional layer of scrutiny.

Upon completion of audits, we develop improvement plans to address any identified deficiencies, ensuring these findings are communicated to organizational leadership to secure the necessary attention for resolution.

Training Employees: The Front Line of Defense

With that many county employees, you must have your hands full.

Indeed. One of the fundamental security truths is that the individual employee can often become the weakest link in the security chain. Organizations may invest heavily in technological defenses, yet a single careless action can compromise security. Therefore, we have prioritized awareness training across every level of the organization.

In observance of National Cybersecurity Awareness Month, we are enhancing our training initiatives by engaging with employees and inviting industry experts to share vital lessons. By relating security protocols to real-life scenarios—such as during the upcoming holiday season, when phishing attempts typically rise—we emphasize the relevance of cybersecurity knowledge both professionally and personally.

Evaluating Training Effectiveness

How do you know if your awareness training is effective?

We continuously assess the effectiveness of our training through regular drills and scenario-based exercises. Collecting click rate data for different departments allows us to analyze trends over time and tailor our training programs to address specific vulnerabilities or emerging threats in the industry.

As we approach events like elections, we adapt our training to include guidance on recognizing phishing emails that may leverage political themes to trick employees.

Proactive Threat Detection

Do you do anything like threat hunts to find potential vulnerabilities?

Certainly. While we mainly outsource threat-hunting exercises due to the expertise required, we are actively working to build this competency in-house. Collaborating with trusted partners enables us to conduct thorough assessments of our security posture. We frequently utilize the MITRE ATT&CK Framework to contextualize potential threats relevant to our jurisdictions, reinforcing the importance of inter-agency collaboration when threats emerge.

Learning from Past Experiences

Tell us about a hard lesson you’ve learned in the last year.

Fortunately, we have avoided significant breaches, but we recognize the increasing risks associated with supply chain management. The SolarWinds incident highlighted vulnerabilities that could impact our extensive vendor network. To enhance our supply chain risk management, we developed the Security and Privacy Exhibit, ensuring that both the county and contractors meet privacy as well as security standards through comprehensive contractual commitments.

As we evolve our practices, we are currently revising our cloud services addendum to include provisions for generative AI, an emerging area we believe necessitates proactive safeguards.

Staying Ahead of Technological Change

How do you stay ahead of the curve on these new and emerging technologies?

Most CISOs rely on a combination of shared knowledge and industry awareness to stay informed. My role involves regular communication with federal partners, including threat briefings from organizations like the Multi-State Information Sharing and Analysis Center (MS-ISAC). Collaborative efforts extend to monthly meetings with FBI representatives, keeping us informed on national threats. My own interests in upcoming technologies, such as AI and quantum computing, drive me to anticipate security challenges before they arise.

In summary, effective leadership involves the foresight to identify future risks and plan accordingly, ensuring we are prepared for what lies ahead.


This interview originally appeared in Focal Point.

Source
www.csoonline.com
