Disruptive by Design: Cybersecurity Challenges Present Opportunities for State and Local Fusion Centers

By Andrew F. Coffey, Ph.D.

Rapidly evolving cyberthreats challenge all levels of government, and recent incidents such as the Office of Personnel Management data breach illustrate the importance of shielding public and private-sector organizations from such attacks.

The speed at which threats evolve strains existing capabilities. Take, for example, the Internet of Things (IoT), which encompasses a growing ecosystem of devices and applications that collect and share information with each other via the Internet. These devices range from smartphones to surveillance cameras and Bluetooth-enabled cars. While highly efficient, the IoT comes with an entirely new family of vulnerabilities that public agencies are expected to comprehend and address.

Securing the nation’s cyber infrastructure hinges on sharing relevant threat information both within the government and among outside organizations responsible for shielding against cyberthreats. This represents a distinct opportunity for state and local fusion centers, which have the flexibility and capability to meet cyber challenges head-on.

These intelligence and information-sharing organizations, part of major city police departments, state police organizations and homeland security and emergency management agencies, primarily are tasked with gathering, analyzing and disseminating intelligence and information across a national network of 78 independent fusion centers. As members of an interorganizational network, these fusion centers wield a structural advantage on the cybersecurity front.

Although each fusion center is unique, about half have dedicated cyber resources to gather and analyze information for cyber-specific vulnerabilities, then apply local expertise to translate that information for jurisdictional partners and stakeholders, according to an April 2014 article in StateTech magazine. The interorganizational network that connects the fusion centers acts as a force multiplier so that the centers without dedicated cyber resources benefit from the work of those with them. Additionally, links to other government organizations and the private sector—entities that lie outside the formal network—provide conduits for information sharing with homeland intelligence organizations and nongovernmental partners.

The most notable advantage, however, lies in the flexibility of these organizations to adapt to needs in their jurisdictions and become key nodes that develop and share important threat information and expertise across the network.

Two examples illustrate this point. In Washington, D.C., the Washington Regional Threat Analysis Center (WRTAC) maintains an analyst cadre well-versed in relevant aspects of cybersecurity for its functional analytic processes. The center’s organizational structure avoids a silo effect by requiring every analyst to have a working understanding of cyber. This means cyber isn’t just a standalone division or team at the WRTAC—it is interwoven in every product and activity.

The WRTAC adopted this approach after recognizing that the crimes and threats it deals with share similar digital components, from cellphone data to computer viruses. As a result, the WRTAC recalibrated to address a wider range of cyberthreats.

The Louisiana State Analytical and Fusion Exchange (LA-SAFE) was the first fusion center to develop cyber capabilities in 2009, and it is highly regarded for the quality of its cyber analytical products and subject matter expertise. LA-SAFE has become a key node for sharing cyberthreat information with partners in the public and private sectors through its dedicated cyber fusion unit. It is no longer simply a resource within its jurisdiction; it is an exporter of cyber expertise.

Both LA-SAFE and the WRTAC illustrate the value added by a national network of flexible organizations operating independently yet linked through formal and informal relationships. However, as new threat pictures emerge, the strength of relationships linking these organizations surely will be tested. This will demand an even greater investment in data sharing, and more importantly, in the human relationships that form the network’s backbone.

Fusion centers also are well-positioned to manage the delicate balance between investigating and protecting against cyberthreats and ensuring civil rights protections. The speed at which new technologies—and their associated vulnerabilities—emerge has outpaced public policy development at federal, state and local levels. As independent organizations, fusion centers gather and share best practices, learn from interactions within their jurisdictions and serve as channels of information that educate public policy makers on privacy and civil rights protections—a critical development as new waves of cyberthreats test security and intelligence organizations.

The national network of fusion centers already capitalizes on its structural advantages to better understand cyberthreats and works with stakeholders to gather and disseminate information. While federal agencies might have greater capacity to identify a wider range of possible threats, fusion centers can quickly determine how specific threats might impact their jurisdictions. Emerging cyberthreats will only enhance the need for this specialized role. 

Andrew F. Coffey is a senior analyst for policy and research at IEM and holds a Ph.D. in public administration and policy from Virginia Tech. The views expressed here are his alone.