Recently, the FBI updated their CJIS (Criminal Justice Information Security) policy to require MFA for accessing any application housing CJIS data. Thankfully, we have a former FBI analyst on the Cisco Security team who can break it all down for us.

Questions:

1. You’re currently the PMM Leader for Government and Public Sector at Cisco. Before joining Cisco, you spent 25 years supporting the United States Intelligence Community for various agencies. What do you see as the connections between these two careers?

St. Laurent Reply:

First off, I love contributing the skills and expertise I have gained over the years and using them within my current dynamic and innovative marketing manager role. Two years ago, I transitioned into the marketing domain as a Security Product Marketing Manager for the US Public Sector here at Cisco. This role aligns perfectly with my passion for staying at the forefront of computer and network security, computer forensics, insider threats, and the thousands of criminal investigations that take place.

In my current role, I am particularly drawn to Cisco’s commitment to providing first-in-class security solutions tailored to the needs of US Public Sector entities and their missions. The prospect of leveraging my insider knowledge and industry connections to drive marketing strategies for security products that directly support the “Mission” of federal agencies is both thrilling and rewarding.

Throughout my career with the FBI, NSA, and supporting roles within the Intelligence Community and Department of Defense, I have honed my abilities in navigating their complex mission landscape. I’ve gained invaluable experience in understanding and addressing the unique security challenges, mission requirements, and investigative work faced by these agencies. My extensive background, as well as many years of experience and hard work, has equipped me with a strategic mindset and a keen understanding of the importance of cutting-edge security solutions in safeguarding sensitive information from an investigative standpoint.

2. What was the workflow like for you when you tried to access CJI data when you were in the field for the FBI?

St. Laurent Reply:

As a member of the Computer Analysis Response Team (CART) and the Cryptographic and Electronic Analysis Unit (CEAU) at the FBI, I had to take many certifications and classes related to forensics analysis, cybersecurity, operating systems, network security, and law enforcement. At the FBI Academy alone, I had 616 hours of specialized training in computer forensics, network forensics, computer administration and programming, and network administration. At the National Security Agency Cryptographic School, I had 930 hours of specialized training in computer security, encryption, programming, network security, and system engineering and administration. To put this in perspective, a typical 3-credit class at a university is 40 hours.

These certifications and classes focused on specific skills and knowledge areas relevant to my role and agency mission, such as digital forensics, cyber investigations, intelligence analysis, and access to CJI and classified data. A lot of my casework, as an investigative lead or in a support role on a case, produced CJI data. Of course, we worked on forensically sound images of the digital evidence, meaning it was collected, analyzed, handled, and stored in a manner consistent with the law.

3. Describe the new FBI CJIS MFA mandate, what’s driving it, and what do you expect to be the biggest impact for IT teams and officers in the field?

St. Laurent Reply:

The FBI CJIS division introduced the Multi-Factor Authentication (MFA) mandate as part of its ongoing efforts to strengthen the security posture of systems and networks that handle sensitive law enforcement data. The President of the United States also issued Executive Order 14028, which establishes a baseline of security standards and mandates the use of phishing-resistant multi-factor authentication and encryption.

MFA adds an additional layer of security beyond traditional username and password combinations, requiring law enforcement users of CJIS systems to provide multiple forms of identity before accessing a system. This helps reduce the risk of unauthorized access, enhancing overall security.

I think the biggest impact for law enforcement in the field accessing CJIS information is going to be ease of use. So, training and vendor support, documentation, and technical assistance are of utmost importance, so that law enforcement can focus on the mission. By the same token, it is important for law enforcement users to understand that multi-factor authentication has become a standard best practice in the cybersecurity industry to mitigate the risks associated with compromised credentials. It is a needed defense-in-depth approach to security. By implementing multi-factor authentication, the FBI will improve the security of access to CJIS systems and protect the confidentiality and integrity of CJI information.

4. What is your advice for IT teams in the law enforcement community who are struggling with implementing these new requirements?

St. Laurent Reply:

Cisco Duo makes it easy to deploy and maintain MFA for law enforcement agencies at the federal level, and within county and state governments as well. Cisco Duo supports many authentication factors, like passwordless biometric authentication, making it simple for end users to adopt and use. IT admins can roll out Duo in a single weekend, with extensive and intuitive user documentation to support them.

But do not just use Cisco Duo for MFA alone. Let’s think about defense-in-depth. Cisco Duo has other great features and security controls that are available as part of its access management solution. For example, Duo offers device posture checks and will prompt the officer or law enforcement personnel accessing CJI from an insecure (out-of-date) device and walk them through how to fix it before they can access the application or CJIS system. Remember, the journey to a complete zero trust security model starts with a secure workforce.

5. How can teams stay on top of threats that target law enforcement agencies’ infrastructure, applications, and data?

St. Laurent Reply:

I see three critical ways law enforcement organizations can protect against targeted threats using the Cisco Security portfolio to enhance their cybersecurity posture and harden their defenses. First is to take a holistic approach, one that Cisco can uniquely offer. By integrating security controls across users, devices, networks, clouds, and applications, Cisco delivers holistic security across an entire IT environment. This breadth of capabilities enables a layered defense against various threat vectors. As an example, Cisco XDR (Extended Detection and Response) helps intelligently prioritize incidents as well as promote a resilient security strategy using the Cisco portfolio as well as other vendors’ products. See my blog, Cisco XDR: SLEDs “SOC in a Box”, for detailed information.

The second key factor is incorporating threat intelligence into your defenses. Cisco Talos is baked into and feeds our entire Cisco Security portfolio. Talos’ real-time threat intelligence helps organizations stay ahead of emerging threats.

One example is how our Cisco Next-Generation firewalls inspect and control network traffic, blocking malicious content and preventing unauthorized access. Other examples include how Cisco Secure Email Threat Defense and Cisco Secure Web Appliance protect against emerging phishing, malware and other email and web-based threats.

Finally, visibility is key. My time with the Director of National Intelligence National Insider Threat Task Force as their chief architect taught me the importance of network visibility and the necessity of behavioral analysis on networks. Cisco Secure Network Analytics (SNA) (formerly known as Stealthwatch) leverages behavioral analytics to establish a baseline of normal network behavior and identify deviations from this baseline that can indicate potential security threats and insider threat activity. Cisco SNA gains comprehensive visibility into network traffic, applications, and user behavior by utilizing your already-in-place network as a sensor. With Cisco SNA, you can conduct detailed analysis of security incidents, identify the root cause, and take appropriate remediation actions.

6. Do you have other recommendations for IT teams supporting law enforcement agencies?

Yes. Consider pursuing a zero-trust architecture beyond MFA by implementing Cisco Secure Access solutions, such as Cisco Identity Services Engine (ISE), to control and monitor access to network resources and simplify access management.

For more information on how to meet the new CJIS requirements, download our newly published Solution Guide: https://duo.com/assets/pdf/Duo_FBI-CJIS_Guide.pdf

Additional resources:

FBI Criminal Justice Information Services Division – Using Data to Assist Law Enforcement


Authors

Sandy Hawke

Senior Product Marketing Manager, Zero Trust

Duo Product Marketing - US

Norman St. Laurent

Federal Product Marketing Manager

Security