Heartland Communications Facility Authority
When seconds can mean the difference between life and death
Success for Heartland Communications Facility Authority isn’t measured in sales or revenue, but by response times and keeping citizens safe. Heartland dispatches thousands of incidents to local fire and EMS services throughout Central San Diego. Local authorities forward all medical and fire emergency 911 calls to Heartland, where dispatchers talk with callers, collect critical data and route incidents to the appropriate first responders.
“This is a life and limb business,” said Henry Kozik, IT Systems Administrator at Heartland. “By providing first responders with valuable data as quickly as possible, teams can respond to incidents faster, which improves their chances of saving life and property–whether it’s putting out a fire, extricating an individual from a crash, delivering CPR, or getting someone to the hospital.”
Rise in cyber-attacks threatens critical communications
Heartland’s dispatchers rely heavily on technology to communicate with citizens and first responders. These heroes are capable of multitasking at an extreme level, talking on the phone with callers in crisis, while simultaneously using digital technology to collect data and communicate with other agencies. Heartland was experiencing a significant rise in distributed denial-of-service (DDoS) attacks in which threat actors attempted to flood their network with HTTP requests and traffic to disrupt or shut down their server altogether.
“If these attacks were ever successful, it would turn things upside down,” said Kozik. Heartland dispatchers have phones and radios, so they could continue to do their jobs manually using pen and paper, but the process would be extremely difficult and slow. “It’s my job to make sure nothing like this ever happens; to make sure our critical infrastructure is always working at 100%.”
Efficiency impacted by manual processes
To identify and stop DDoS attacks, Kozik needed the ability to observe heavy data transfer and data flow. While Heartland did have a monitoring management tool for desktops and their server, monitoring the network required significant human interaction and was extremely time consuming. The IT and Security team, consisting of just two people, was on call days, nights and weekends to stay ahead of these threats.
“We are a 24x7x365 operation with high availability systems. With lives at risk, we need these systems to be readily available and in peak performance,” said Paul Steppler, Information Systems Technician at Heartland. But having zero downtime came with strong limitations on how they could maintain their infrastructure. As a small team of two, Kozik and Steppler had to continuously monitor the network while also managing patching and updates to secure their systems–it was a huge challenge.
“First thing Saturday mornings I would jump on my log, looking for any IP addresses trying to send massive packets and trying to figure out if they were safe or malicious,” said Kozik. “It was an incredibly difficult and stressful situation.”
Inability to focus on the “weakest link”
Because Kozik was so focused on defending the network manually, he couldn’t focus on mitigating what he believes is the most dangerous threat of all–the user. “Whether intentional or not, we know that cyber-attacks often happen due to user mistake or lack of education–they are the conduit for ransomware and malware attacks. A vigilant user base would be our strongest protection in cybersecurity,” said Kozik. But creating this vigilant user base required time and resources to develop policies, training and education–both of which Kozik didn’t have.
Strengthening cybersecurity with AI
In his search for a solution, Kozik looked at several options including cybersecurity suites offered through CISA. His key criteria included protection from DDoS attacks, data traffic management, AI and automation, and total network visibility. Heartland ultimately chose the Darktrace / NETWORK solution over other options, a decision endorsed by the Board of Chiefs based on Darktrace’s capabilities, innovation, reliability and expertise.
With Darktrace / NETWORK, Heartland now has a complete solution for prevention, detection, and response to known and unknown threats. “I wanted one solution to fit all our requirements. What I found in Darktrace is a robust network management tool available within a cybersecurity platform.”
Using Self-Learning AI, Darktrace / NETWORK monitors Heartland’s network 24x7, continuously analyzing every connection, device, identity and attack path for unusual behavior and giving Heartland business context for every alert. “With Darktrace’s active learning and real-time notifications we’ve been able to go home at night knowing that our critical systems are in good hands,” said Steppler. The solution’s autonomous AI continually tunes itself to improve detection accuracy, which saves Kozik and Steppler the hassle of manual tuning.
The team is no longer worried about every email that comes through, every link that gets clicked on, every website that could be corrupted or their endpoint protection. “With Darktrace, I am now confident that if there’s an unusual flow of data or unusual access of data in process anywhere on our network, I’ll get that notification and have the opportunity to review it,” said Kozik.
Comprehensive visibility and protection
Darktrace gave Kozik the opportunity to try Darktrace / NETWORK for three months before making a commitment. “Having a chance to work with the system within our own network was a game changer. I was incredibly impressed they were willing to put such an advanced appliance into my network that delivered immediate results. That built a huge sense of trust and respect.”
He was especially impressed with the comprehensive visibility Darktrace gave him across his entire network with just the click of a button. “With the Darktrace Threat Visualizer, I could see all of our endpoint connections, all of the data flowing into and outside of our firewalls and VPNs, and I could immediately identify if there was an issue that needs to be investigated.” Darktrace monitors all of the data flowing in and out of Heartland’s computer-aided dispatch system. If it detects unusual behavior, Kozik can quickly investigate using the Threat Visualizer and take action before it impacts dispatchers.
Expertise and investment in innovation
Darktrace’s industry expertise and dedication to advancing innovative technology also played a role in Heartland’s decision to choose Darktrace / NETWORK. Founded in 2013, the Darktrace AI Research Center based in Cambridge, UK has conducted research establishing new thresholds in cybersecurity, with technology innovations backed by over 200 patents and pending applications. The AI Research Centre comprises more than 200 R&D employees, including experts with ~100 master's degrees and 20 doctorates in disciplines from astrophysics to linguistics and advanced data science. “Knowing that Darktrace has access to that kind of brain power and is using it to advance their AI engine was extremely impressive and a factor in my final decision,” said Kozik.
Strong security empowers a strong response
Since using Darktrace / NETWORK, Heartland has successfully defended its network from DDoS and other attacks, keeping 911 dispatchers connected and saving lives. In 2023 alone, Heartland dispatchers received over 61,000 911 calls, answering 98.5% of those in 20 seconds or less, and dispatching close to 75,000 incidents to local fire and medical rescue agencies. “That’s what makes our dispatchers real heroes. They just tackle the next call and deal with the next crisis. It's unbelievable. Real response, real heroes,” said Kozik.
In addition to the dispatchers, Kozik says it’s a combination of factors working in unison that’s critical to helping save lives – from first responders, Heartland’s staff, and the IT and Security team, to the technology they rely on to keep communications running smoothly, including Darktrace. “I will admit I am prejudiced when it comes to this topic, but Darktrace / NETWORK is one of the best solutions we’ve ever used,” said Kozik.
He personally experienced the power of Darktrace / NETWORK when he tried to move batches of terabytes of data for backup. “Darktrace literally just turned off my machine and made it so my node could no longer access the network. It was amazing to see how quickly it responded and mitigated the risk. It’s like having another guy on staff calling my phone and saying, hey I see something unusual; you need to take a look right now.”
Achieving complete network visibility
Having real-time visibility across all of Heartland’s network activity gives Kozik a far greater sense of control. “When I am in the Darktrace / NETWORK Threat Visualizer, I can see our entire network within seconds, compared to several hours of analyzing reports or analyzing logs. This is a huge deal.” The team can drill down if they need more information, seeing what systems and files users are accessing, where they're going, which sites they're visiting, if they’re pulling data back and forth, and they can analyze that data transfer and flow to validate if the behavior constitutes a threat.
Improving efficiency fuels a proactive security approach
Using Darktrace / NETWORK has transformed how work gets done for Kozik and Steppler, taking most of the cybersecurity workload off their backs and giving them peace of mind. Kozik says the enormous efficiency and productivity gains have had a huge impact on his small team. “Tasks that once took us hours, now take mere minutes. I can now sleep in on Saturdays and enjoy my weekends. That’s why I like to call Darktrace a person. It’s like having a trusted cybersecurity expert sitting and maintaining our cybersecurity profile and footprint 24x7 so we don’t have to.”
“With Darktrace we have the comfort knowing that we have a third technician watching our backs,” said Steppler. “We have multiple layers of security in place, but with Darktrace we have that second set of eyes to help us protect our end users.”
Now that Darktrace has automated the majority of Heartland’s detection and response efforts, they are focusing on the most important factor in their cybersecurity strategy – the user. “Darktrace has freed us up to focus on important projects like documenting IT and security policies around acceptable behaviors and acceptable use and training our staff to be aware of the different techniques and tactics threat actors use to trick and deceive,” said Kozik. He is now sharing these policies with fire agencies and cities, and some of his work has become standard government policy.
A vision for a more connected and secure community
Kozik reflects on how transformative Darktrace has been for Heartland – securing their network, empowering dispatchers, delivering peace of mind, and enabling them to focus on proactive security initiatives that will further strengthen their ability to protect and serve the community.
He wants other agencies and cities to realize these same benefits using Darktrace. Kozik sees the value of interconnecting devices, of having access to interagency data, and of augmenting small IT groups with a virtual cyber security expert that works 24x7 to protect their systems. “That is the future vision I would like for San Diego, and eventually the entire state of California. It would offer significant, profound cybersecurity protection across the region. Truly profound.”