Why Leading Cities and States Should be Protecting ‘Digital Citizens’ from Mobile Threats
When most people think of Zimperium, they may recognize us as the leader in enterprise mobile device and app security. Or, they have seen the recent news on the Defense Information Systems Agency (DISA), a U.S. Department of Defense (DoD) organization, selecting us to deliver comprehensive Mobile Endpoint Protection (MEP) to the unclassified government furnished (GFE) devices of servicemen and women around the world.
In regards to the DoD announcement, this a watershed moment and we are honored to protect DoD mobile users and endpoints against phishing, malicious/risky apps, OS exploits and network attacks.
We are also honored to be protecting the “digital sidewalks” – as Jordan Sun, the Chief Innovation Officer for the city of San Jose and Director of the Mayor’s Office of Technology and Innovation (MOTI) referred to it in a recent commentary in The Hill – for New York City residents and Los Angeles Metro riders against mobile threats with the only machine learning-based, on-device mobile security solution.
I recently had the pleasure of hosting a panel session during this year’s North American International Cyber Summit. The panel – The Future of Mobile Technology and Security for the Digital Citizen – featured:
- Mitch Herckis, senior advisor of New York City Cyber Command;
- Douglas Anderson, senior director Information Technology for the Los Angeles Metro; and
- Jayson Cavendish, senior security architect for Tech System, contractor to the state of Michigan.
Below are select snippets from this lively, compelling and informative panel discussion.
A little bit of background
“NYC Cyber Command is a relatively new organization, particularly by New York City standards, where we have some agencies that marked their life in over a century. We were created just three years ago by executive order and we were formalized into the city charter just this past month.
“As the senior advisor for operations for the organization, I help with a central part of our mission, which is to implement cybersecurity as a central authority across a hundred plus agencies.
“We also have a resident-facing mission, ensuring residents of New York City are able to be safe in their own digital lives.”
“LA Metro is the third largest transit company in the U.S. We transport about 1.3 million riders a day. It is a sizable agency and because of that we have a fairly large presence.
“One of the things my team is challenged with, is looking at using technology for innovative ways to enhance the customer experience. Equity is another big issue here for Metro. We have a lot of riders that are low-income and cannot even afford connectivity.
“Even though it is not blanketing the city, our routes do cover the entire city and they are basically based on population and ridership density, those kinds of things. Where there are more people there are more routes. It seemed like a good way to maybe accomplish some of the goals that the city wanted to do.”
NYC Secure and LA Metro Secure
“The NYC Secure initiative is the name of our resident-focused initiative and it was announced back in March 2018. The goal of it is to defend New Yorkers from malicious cyber activity on mobile devices across Wi-Fi networks and beyond.
“There are two major pieces to this initiative. One is the NYC Secure app, which is free for folks to download through the App Store and Google Play. It is security for anyone who downloads it – focusing on providing New Yorkers a level of protection. It alerts you to risks, threats and attacks including if you are connecting to unsecured Wi-Fi networks.
“More people have moved to mobile – – over 50 percent of traffic is mobile these days. So, there are increasing attacks there.
“We realized this was the right thing to do, that we commit to keeping people safe in their daily lives from crime and we should want to bring that same commitment to protecting New Yorkers into cyberspace.
“We figured out we need to do it in a way that reflected their values and preserved individual privacy–and the NYC Secure initiative and the NYC Secure app is what came out of it.”
“My CIO actually went to New York and saw Mitch’s project out there and that is how we got involved in looking at protecting the devices.
“The folks using our Wi-Fi on the buses are not the most sophisticated users. They are low-income. They do not have their own data plans and don’t necessarily have a carrier helping to protect their device.
“They rely heavily on various forms of public Wi-Fi to communicate. Some have older devices. They are cheaper devices. They do not necessarily keep them up-to-date.
“Basically, as long as they can access Wi-Fi and there are a number of apps they can download and use, they are able to communicate. It was a pretty big, challenging environment. One of the things that we really wanted to do was keep it as simple as possible.
“When people transfer from one vehicle to another – there are hundreds of thousands of transfers in a given day – their phone will automatically re-login to the new Wi-Fi network, when they board a new vehicle. However, that causes a bit of a problem because now you have individuals who will try to spoof the network, to access a million plus riders here in Los Angeles.”
Should cities protect their citizens?
“When the pandemic started, for those with the ability to work at home, they were now relying on networks they typically reserved for play or entertainment. Further, as they started doing that, K-12 and higher education started going completely online, that happened back in April and May.
“As we came into August this year, a lot of the universities made the decision to go fully online. Some like Central Michigan University have students on campus but most of their classes are online.
“We need to figure out how we make sure we use trusted Wi-Fi networks. For example, my wife and girls may go shopping for shoes at a local retailer. While they are there, they jump on Wi-Fi for free while shopping for shoes and are buying other things while on that network. I can tell you this, because they come home and I ask if they bought other clothes on their mobile devices while shopping for shoes. I ask if they use their credit cards. Of course the answer is ‘Well, yeah.’
“I think the reality for most of our constituents is that this isn’t top of mind for them. We need to give them a tool or a way that they can put on the digital mask to protect each other.”
Issues and challenges
“This is also an equity issue. Not everyone has access to their corporate account, a secure corporate environment or certain protections … through their provider. Something like 17 percent of Americans have smartphones only. [Those numbers are] much higher if you look at …folks who are in lower income brackets.
“Our vision is for New York to be the most cyber resilient city in the world and to achieve that vision, it means giving everyone the tools they need to do what is necessary to protect themselves. Sometimes it is about giving them the things to recognize that, that might not be a link to NYC Wi-Fi, that might be someone down the street.
‘The reality is, not everyone has access to security measures and NYC Secure is a very simple tool that they can use for security while maintaining their privacy.
‘During this time of COVID in particular, there have been malicious attempts at applications that mimic the sort of things that we would expect from a tracing app, those have been passed via email or phishing attempts. I think providing this basic security to folks is something we see as protecting everyone, all New Yorkers.”
‘We discovered that we had a huge number of kids using Wi-Fi, believe it or not, to do their homework on their way to school because they did not do it the night before. They were taking advantage of the fact that they had Wi-Fi on the buses to do their homework.
‘But again, you have got a very unsophisticated audience there and it can easily be fooled into things.
“One of the things we specified on a login page, in the terms and conditions page before you go to an active portal, was that we wanted to indicate that we were not tracking their device. That is a big deal here. A lot of people are riding the buses. We really want to know where they are going, that is very helpful to us to understand the ridership patterns, but people do not like to be individually tracked, especially a number of individuals and the lower-income group.”
‘We are evaluating opportunities to make this available to the citizens of Michigan. One of the most important facets of that would be that the tool does not retain or send back or keep any information about the citizen.
“Can it protect me from mobile malware? Can it tell me where solid safe networks are? Can it help me protect against phishing attacks? And can it do all of that and not send any of my data back to a monitoring device or spy on itself? I think those are the real critical aspects of this entire area that we are looking into.”
“There is a lot of really interesting data we could have gotten… but the reality is no one, no New Yorker really wants [the City] taking their data off their phone and frankly, we do not want that [either]..
“New York City was hit hard during this global pandemic. As part of our own response in trying to do things to help our citizens, we put out advice to small and medium-sized businesses on working from home. I think people think of New York and they think of big business, but the reality is there are a quarter million small and medium-sized businesses in New York.
“We put working from home guidance out for small businesses. These were … very broad but one [suggestion] was if you do not have mobile security you should be looking at the NYC Secure app because people out there are doing everything from deliveries to running a small business. They may have had a small stand before but are trying to find out new ways to get their products out there. So, you never know why you need mobile security, but there is always going to be people who need it and we were happy to be able to do it for New Yorkers during this time.”
For more information on how we can help secure the citizens in your area, please contact us.