NYC Cyber Command: Keeping New York City's digital services more secure at massive scale
About NYC Cyber Command
NYC Cyber Command is a centralized organization created by executive order to lead New York City's cyber defense efforts, working across city government to prevent, detect, respond, and recover from cyber threats.
New York City Cyber Command built a resilient, highly secure, and highly scalable data pipeline on Google Cloud to help its cybersecurity experts detect and respond to threats faster.
Google Cloud results
- Helps detect threats faster with high-performance cloud services
- Accelerates time to onboard all 100+ city agencies
- Enables a small team to more securely manage cloud infrastructure
- Offers near-infinite scalability for analyzing petabytes of data
- Provides maximum value to city agencies and residents
Processes and analyzes data 10x faster with the ability to scale and grow
New York City is the most populous city in the United States and one of the world's cultural, financial, and media capitals. It's a unique place with a huge influx of visitors from all over the world and a melting pot of diversity, home to the headquarters of the United Nations and countless other world-shaping organizations. But these distinctions also make it a prime target for threat actors, which is why the city has been taking a proactive stance to address that risk.
In 2017, Mayor Bill de Blasio established New York City Cyber Command, a centralized organization charged with protecting city systems that deliver critical services that New Yorkers rely on, and helping residents become safer in their digital lives. In addition to threat management and a 24/7/365 security operations center, NYC Cyber Command includes teams of experts focused on security sciences and software development as well as urban technology, which evaluates the security implications of IoT and ICS as well as other smart city technologies.
To help protect city systems from cyber threats, NYC Cyber Command works with city agencies to ensure systems are designed, built, and operated in a highly secure manner. If any of these systems were compromised and the city's ability to provide critical services – such as public assistance or healthcare – were impacted, the consequences could be catastrophic for the most vulnerable New Yorkers.
That is why, in addition to enhancing the security of city systems, NYC Cyber Command developed a highly secure, resilient, and scalable cloud infrastructure that helps its cybersecurity experts detect and mitigate threats faster.
In order to support any and all technologies across New York City government, NYC Cyber Command followed a cloud-first strategy using Google Cloud, infrastructure as code, and a BeyondCorp security model that builds upon years of designing zero-trust networking. NYC Cyber Command uses an open source platform and provider-agnostic infrastructure as code tool to help ensure the services are delivered reliably and securely, and the civil servants build knowledge and skills that can be used throughout the City's technology enterprise.
"We went with a cloud-first, zero-trust environment because it met our security and reliability needs," says Colin Ahern, Deputy CISO for Security Sciences at NYC Cyber Command. "Our role is not only to deliver services to residents, but to innovate in the way we provide those services to make sure we are efficient and effective."
A scalable, secure data pipeline
To improve scalability, NYC Cyber Command built its data pipeline on Google Cloud managed services. Cloud Pub/Sub serves as the main entry point, ingesting data from agencies' cloud and on-premises sources so it can be analyzed at scale. Once an event is published to Cloud Pub/Sub, pull subscriptions make the event data available to log parsers and other services running on Cloud Dataflow, which put the data in the right format for analysts and other downstream users. In certain cases, push subscriptions deliver the event to standalone apps running in Cloud Functions.
"Analyzing logs and processing security events takes a lot of power, and our data pipeline gives us the perfect set of serverless tools for that," says Noam Dorogoyer, Software Engineer at NYC Cyber Command. "The fact that we can run these demanding processes in parallel without having anything on-premises is convenient and useful."
Identifying threats faster with BigQuery
The ability for NYC Cyber Command to get the right information to the right team at the right time is essential for the organization to be most effective at protecting New York City against cyber threats. Every day, NYC Cyber Command parses and analyzes terabytes of data, which will soon turn to petabytes as Cyber Command increases visibility across city agencies. To analyze batch and streaming data using familiar SQL commands, it uses BigQuery, a serverless, managed data warehouse.
"As a cybersecurity organization, we need data at our fingertips immediately," says Noam. "If we're a little late, a critical moment might pass. These tools give us super-fast processing power so we can quickly gain a deep and broad view of security events and get the right information to the right teams."
Simplified identity management and collaboration
NYC Cyber Command relies on Cloud Identity & Access Management (Cloud IAM) to provide fine-grained access control across both Google Cloud services and Google Workspace, its standard for productivity and collaboration. To enable engineers to more securely access Google Cloud resources from untrusted networks without the use of a VPN, it uses Cloud Identity-Aware Proxy (IAP), a building block of the BeyondCorp security model.
"We created a unique technical fortress that ensures our city agencies are defended by a highly secure, cloud-based computing environment," says Colin. "We're able to get the resources we need while keeping our services and New Yorkers' data highly secure."
A blueprint for more secure cities
NYC Cyber Command expects to have all New York City agencies on board within the next year, a milestone it would not have been able to achieve without Google Cloud. As its infrastructure and processes mature, the organization is using Google Kubernetes Engine to provide high availability for standalone applications and Stackdriver for logging, monitoring, and resource optimization.
"Following a cloud-first strategy is enabling NYC Cyber Command to do what it needs to do to better secure New York City's digital services as rapidly as possible," says Colin. "We've achieved a velocity that hopefully will inspire other cities to do the same."