In a nondescript office park in Columbia, Maryland, Michael Buratowski and his forensics team are on the trail of the country's latest national security threat: cybercrime.
Buratowski, senior vice president of cybersecurity services at Fidelis Cybersecurity, helps investigate network assaults, malware attacks and data incidents.
"I have a team about 60 individuals," he said. "Just under 50 of them are part of the incident response and cybersecurity practices, and then I also have about 10 people that handle the training and deployment of our product that we offer."
Buratowski, a former police officer and senior program manager at the US Computer Emergency Readiness Team, has seen the scope and evolution of cybercrime and its effect on the private sector.
As information networks continue to expand, so does the range of targets that hackers find valuable to exploit. Whether it's Target in 2013, with the credit and debit card information of 40 million customers exposed, or the corporate secrets exposed in the Sony Pictures hack of 2014, a cyberattack can have a significant economic impact.
The Department of Homeland Security has divided the nation's critical infrastructure into 16 sectors, including commercial facilities. The commercial facilities sector encompasses essentially any place where people might gather, along with related business interests. Movie studios, theaters, casinos, sports arenas and concert halls are all part of the sector.
This provides a wide bullseye to guard, but one that Buratowski said must be protected, given the increased interconnectedness of our society.
"Well when you look at everything that's out there and how we're all connected, just from your day-to-day life using your cell phones, it is a very, very broad target," he said.
"We always face the traditional financial type crimes where people are trying to steal personal information or credit card information. Then when you look at the even larger aspect of say sporting events or stadiums, anyplace there's large gatherings of people, you have your traditional financial crimes, but there's always the risk of something more significant that could leave to lead to a physical attack."
And while sites like football stadiums may seem like unlikely targets, Buratowski notes that the sheer number of attendees at such an event could quickly make a network attack a large-scale incident.
"When you look at Super Bowl [47 in 2013] where we had power go out, that was pretty impactful, but the stadium authorities could explain what happened right away and keep calm," he said. "But if there was an attack where something like that were to happen, and you now have people that don't know what's going on and the authorities can't explain what's going on, it can be pretty fearful."
So in preparation for major sporting events like the Super Bowl, DHS coordinates with the National Football League, as well as state and local law enforcement and other stakeholders. The scope of such an event allows hackers multiple access points to exploit, requiring officials to coordinate cybersecurity on multiple fronts.
"I heard that at the Super Bowl, there was free Wi-Fi offered to the 40,000 or 50,000 attendees of that event, that creates an immense attack surface," said Justin Harvey, Fidelis Cybersecurity's chief security officer. "So that type of event where an open Wi-Fi by can be exploited—perhaps a man-in-the-middle attack or the injection of malware into browsers or devices out there—it would be very difficult out of a cast of 40,000 or 50,000 people on this Wi-Fi to find the attacker."
So while expanding networks have forced both the federal government and the private sector to raise their cybersecurity prowess, it has also opened the door to collaboration to identify and prevent cyber threats.
At Super Bowl 50 in San Francisco last February, DHS officials deployed personnel from its National Cybersecurity and Communications Integration Center to guard against cyber incidents.
The agency has also provided outlets for industry to share threat information with the federal government and for the nation's cybersecurity resources to reciprocate with network protection advising.
"We work very closely with owners and operators to share information directly," said Caitlin Durkovich, DHS assistant security of infrastructure protection, on June 21 at the AFCEA Homeland Security Conference. "We do that through a number of different mediums and tools, most notably the Homeland Security Information Network."
The HSIN provides critical infrastructure stakeholders with sensitive, but unclassified, information about possible threats and network vulnerabilities to help prevent cyberattacks.
The commercial sector also faces the risk of stark economic impact as a result of network breaches, as was seen in the Sony Pictures hack of 2014.
The hack, which exposed a treasure trove of corporate communications and trade secrets, was a touchstone for the economic damage such an attack could inflict on the commercial sector.
"In fact I would characterize it as the most destructive attack the U.S. has ever seen," Harvey said.
"So not only were they destructive but they were also embarrassing and this sent a very clear message to executives around the U.S. They said that not only can you be breached as we see every week, not only can your company lose its intellectual property, but it can also be destructive and all of your secrets can be aired in public."
The federal government swung into action once the breach was revealed, not only to forensically track the perpetrators behind the attack, North Korea, but also to encourage corporations to adopt cybersecurity best practices, like those developed at the National Institute of Standards and Technology, to protect their networks.
"This event underscores the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all of our networks," Secretary of Homeland Security Jeh Johnson said in a Dec. 19, 2014 statement following the Sony hack.
"We seek to raise the level of cybersecurity in both the private sector and civilian government, and provide timely information to protect all our systems against cyber threats."