Last February, analysts at ISOC were able to identify 16 ransomware attacks in five city departments. "We identified the attacks across the departments, segmented them off, didn't lose any data and didn't pay any ransom," Lee said. The city determined the ransomware attacks were zero-day events, Lee explained.
"There is constant coordination and information sharing performed by ISOC across the city departments and with the broader network of federal and other local governments," Ross added. "This is only possible with ISOC and didn't exist before. ISOC was directly involved in identifying the ransomware in February."
L.A. shares its findings about attacks with the FBI, Homeland Security and the Secret Service. In all, that sharing reaches up to 2 million cyber professionals, Lee said.
"We're not only trying to up our game around cyber defenses," Ross said. "We're in a position now where we're truly unified with other governments in a cyber watch and cyber defense effort."
Even though there are new flavors of cyber attacks every week, Ross said his biggest worry these days is still ransomware. "Ransomware is just so ubiquitous and the delivery system is so innocuous. Someone can attack a personal machine or shared drive. With 48,000 city employees we have a lot of ports, so we need to be that much better than the attackers."
To combat ransomware, the agency bangs out the common drumbeat: "If you don't know where you got a link or an email or a download, don't click on it," Ross said. "The average person doesn't realize they could launch something very powerful by opening that email. Human beings are often the weakest link in the chain."
Ross and Lee said they feel confident about the security behind their internet of things infrastructure, which is protected by frequent password updates and patches on endpoints. In a recent distributed denial-of-service (DDoS) attack on DNS provider Dyn that made major websites inaccessible, the Mirai botnet was deployed, perhaps by amateurs, to insecure IoT devices, including consumer devices like internet cameras.
"DDoS attacks are certainly a big concern," Ross said. However, Lee said Los Angeles does deploy vulnerability management software and endpoint protection, including antivirus software, using both behavior-based and signature-based techniques.
"At least with a DDoS attack, it takes a [relatively] long time to develop and gives us some time to react," Lee said. The city also relies on frequent penetration testing to check for vulnerabilities.
"Even though government gets a rap for being old fashioned and paper-driven, certainly large cities like L.A. have been very progressive," Ross said. "We see how dramatically fast the cyber landscape is changing. We see how cities are stewards of assets that nobody else has.