Local cities have cyber security at the forefront of their minds, as institutions and homeowners become increasingly dependent on ditigal technology.

Security experts in Inland Valley cities and San Bernardino County said social security and personal privacy remain important issues since computer technology continually evolves.

"It requires constant vigilance and making sure that you are prepared," said Elliott Ellsworth, information technology director for the city of Ontario.

Several local government agencies already have made steps to tackle cyber security threats such as viruses, botnets and denial of service attacks, which could limit public access to Web sites or shut down sites entirely.

Many cities including Ontario, Claremont, Pomona and Fontana have information technology or services departments, which often provide technical support and network security.

Ellsworth said Ontario established his department over a decade ago and now operates with several network security specialists.

Dale Wishner, systems manager in Ontario's information technology department, said the best security model is often patterned after an onion.

"You try to build up as many layers as you can and slow down the hacker from getting into your network," Wishner said.

To protect private information and repeal attacks, Ontario has installed anti-virus software, spam and e-mail filters, firewalls, a specialized payroll system, application security and also routinely brings in third-party technology consultants to find cracks or holes in its system.

Novacoast, Inc., an information technology and services company, works with Ontario and other Southern California cities, state and national clients to better secure their systems from general nuisance hacking to more malicious attacks.

"Almost without exception today, the idea of hackers or attackers coming after any agency is not anymore about bragging rights at all," said Al Maslowski-Yerges, national security practice manager of Novacoast. "Their main goal is to be silent and under the radar as possible."

Maslowski-Yerges said his organization had clients that experienced a variety of attacks from Web site defacement to private information theft.

Sometimes attacks can come internally within the organization being attacked.

He added that the best way to protect an organization is to be proactive and create multiple layers of external and internal defenses as well as actively protect and maintain those defensive measures.

Cal Poly Pomona professor Dan Manson said any connection to the internet has a level of risk.

"The internet was not designed with security in mind, so security is always what we put in after the fact," Manson said.

Manson, a professor of computer information systems in Cal Poly Pomona's College of Business Administration, said a city probably would not be at the top of any hacker's list but could become a potential attack target.

He said one of the many reasons organizations go under attack is because many compromised private computers were used to launch attacks without owners knowing it.

"What I have learned about security in all my years of experience, people are the weakest link," Manson said.

Like Manson, Mt. SAC professor Robert Loya believes in security awareness as the initial step to effective protection.

Together Manson and Loya helped establish the Regional Information Systems Security Center at Mt. SAC and other partnering campuses, which focuses on raising computer security awareness within surrounding communities.

Loya, director of the center at Mt. SAC, said many people could be involved in a cyber attack.

"They usually want to be reactive and wait for something to happen to protect themselves," Loya said.

Once a hacker compromises private machines with malicious software like "bots," information can be bounced off from one computer to another, eventually crippling service Web sites with denial of service attacks. Services generally offered to the public would suddenly become unavailable.

Recent targets of such denial of service attacks included the National Security Agency, State Department and Homeland Security Department as well as South Korean government agencies.

San Bernardino County information technology officials said the region has not experienced similar attacks but they have determined that the cyber protection in place is adequate.

Tyrone Smith, assistant chief information officer and chief technology officer for the county, said his staff in the information services department compare publicized threats to their systems and determine if further action is needed to add to their security measures.

"We take security very seriously," said Steve Hall, chief information officer for San Bernardino. "We have standards to prevent Web sites from being compromised."

Information technology groups will continue to protect and upgrade local security because a cyber assault can come at any moment and cause considerable damage.

"(A cyber attack) is a serious concern," Hall said. "Any outages or any major attacks could cripple us for a period of time."

0 comments:

Post a Comment