Putting the geospatial in cybersecurity

The potential for election tampering, hackers taking out internet-connected traffic cameras prior to the Inauguration in Washington, D.C., and recent massive data breaches are part of our daily news feed and of the cybersecurity dangers of our wonderfully connected world. As our reliance on network-enabled devices continues to grow, particularly in the areas of government and citizen service, we see the astounding benefits of such connectivity, but the omnipresent threats of cyber attack are becoming even more overwhelming.

There is a missing component in most cybersecurity efforts: geographic information. When it comes to protecting our nation’s cyber infrastructure, it is a very important piece.

Cyber threats affect more than just the information technology infrastructure of an agency or command. These threats cause disruptions to its entire network that can impact its principal business functions and mission. As such, cybersecurity should be assessed in terms of its direct contribution to the successful execution of an organization’s primary missions. Organizations can no longer ignore cyber threats or delegate security to the information technology department alone. Cyber defense must be integrated into traditional security activities, such as physical and personnel security, as part of an overarching effort to protect business operations from both external and internal threats. Cybersecurity activities must be prioritized and aligned to strategic business objectives. Geographic information system (GIS) technology is the foundation needed to establish shared situational awareness for interdisciplinary activities. Utilizing GIS will help to improve cyber defense and enable a cross-disciplinary approach to providing organizational mission assurance by helping prioritize the availability of IT systems based on mission priorities.

By combining traditional cyber indicators with a geospatial platform, organizations can quickly discover and prioritize all manner of cyber threats, both natural and manmade, intentional or accidental, by creating a comprehensive model that integrates all available data. The result is organizationwide agility that combines physical and cyber activities when responding to service interruptions and complex intrusions. It also prioritizes preemptive actions that can prevent disruptions or mitigate their impact.

Missions or business activities conducted by personnel and organizations can be prioritized. People use devices (desktop computers, mobile devices) to interact with systems to conduct their missions and business activities. Devices and systems are connected to networks to exchange information and the data needed for those activities.

The geographic layer serves as the common integrating framework across all layers. Integration is achieved by geo-locating all nodes, including people, user devices and infrastructure devices, and the network segments that connect them within and between layers. Geospatially enabling a common operational picture (COP) allows users to consider the effect of non-cyber, physical events in relation to cyber devices as well. Traditional geospatial datasets, such as weather, crime patterns and physical security threats, can provide value to cyberspace operators when assessing risk to their communications networks. Regardless of the cause of the disruption, cyber operators must be able to anticipate the risk of failure for certain critical devices and then determine the mission impact of those device failures.
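The layered model described above can be sketched in a few lines of Python. This is an added illustration, not code from the article or from any GIS product: the device names, coordinates, mission priorities and the hazard area are all constructed, and the hazard is simplified to a circle rather than a real GIS polygon.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    lat: float
    lon: float
    missions: tuple  # names of missions that depend on this device

# Constructed sample data: priority 1 is the most important mission.
MISSION_PRIORITY = {"emergency-dispatch": 1, "traffic-management": 2, "public-records": 3}
DEVICES = [
    Device("core-router-a", 38.8951, -77.0364, ("emergency-dispatch", "traffic-management")),
    Device("camera-gateway", 38.9072, -77.0369, ("traffic-management",)),
    Device("records-server", 39.2904, -76.6122, ("public-records",)),
]
# Constructed physical event: a flood warning area as a circle (center, radius in km).
HAZARD = {"name": "flood-warning", "lat": 38.90, "lon": -77.03, "radius_km": 5.0}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def devices_at_risk(devices, hazard):
    """Return devices whose location falls inside the hazard circle."""
    return [d for d in devices
            if haversine_km(d.lat, d.lon, hazard["lat"], hazard["lon"]) <= hazard["radius_km"]]

def mission_impact(devices, hazard, priority):
    """Map each affected mission to its at-risk devices, highest priority first."""
    impact = {}
    for d in devices_at_risk(devices, hazard):
        for m in d.missions:
            impact.setdefault(m, []).append(d.name)
    return sorted(impact.items(), key=lambda kv: priority[kv[0]])

if __name__ == "__main__":
    for mission, names in mission_impact(DEVICES, HAZARD, MISSION_PRIORITY):
        print(f"P{MISSION_PRIORITY[mission]} {mission}: at-risk devices {names}")
```

The same roll-up works for any event that can be expressed as an area on the map, which is what lets a physical hazard be ranked by the missions it threatens rather than by the devices it touches.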

Connecting cybersecurity activity to a geographic layer provides the foundation from which shared situational awareness can be achieved. A truly comprehensive GIS platform must be able to support user workflows, collaboration and the dynamic situational awareness necessary to meet a variety of mission requirements. The technology that can deliver these capabilities is available on many networks and from devices such as tablets and smartphones, providing personnel with access to information and data to support decisions for awareness, prevention, protection, response and recovery. The location intelligence that runs through a GIS platform can be quickly accessed, understood and shared to support coordinated actions.

The power of GIS combines location with cybersecurity activity and other data to better anticipate, detect, respond to and recover from threatening security incidents. The technology is easily integrated into an organization’s existing command and control structure to ensure that leadership has access to complete and accurate data for decision making. In fact, GIS platforms are already widely used in national security agencies, including defense, national intelligence, critical infrastructure protection and emergency management. Integrating the power of location intelligence with cybersecurity data allows organizations to make better decisions before security is compromised, rather than when it is too late.

Jeff Peters is the director of the national government sector for Esri.