Rachael Lyon:
Welcome to To the Point cybersecurity podcast. Each week, join Jonathan Knepper and Rachel Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now let's get to the point. Hello, everyone. Welcome to this week's episode of To the Point podcast. I'm Rachel Lyon here with my co host, John Neffer. Hi, John.

Jonathan Knepher:
Hi, Rachel.

Rachael Lyon:
So, what have you got going this weekend in San Diego in your perfectly amazing life and weather environment?

Jonathan Knepher:
You know, just hanging out, probably go for a couple hikes up in the mountains. That's about it.

Rachael Lyon:
Wow. So jealous. So jealous. I love it. One of these days, I'm gonna make it out there, and I'll go hiking with you, because we just Absolutely. In Houston, we really don't have a lot of lot of mountains to climb. So, so without further ado, I do want to jump into this week's awesome guest. We have John Cohen, the executive director of the Program for Countering Hybrid Threats at the Center for Internet Security joining us.

Rachael Lyon:
In this role, he collaborates with law enforcement, mental health, and civil society groups nationwide to address the effects of social media and online platforms on crime, violence, and public safety. He has more than forty years of experience in law enforcement, counterintelligence, and homeland security. I think this is gonna be a fun conversation, John, today. Welcome.

John Cohen:
It's great to be with both of you. I think it'll be fun and a little scary, quite frankly. So

Rachael Lyon:
that's that's the wonderful world of cyber, isn't it? That's

[01:47] Understanding Multi-Dimensional Threats

Jonathan Knepher:
right. So, John, thanks thanks for joining us. Maybe you could kick it off with, you know, telling us a little bit about, what multidimensional threats are and how those complicate, the traditional approaches to cybersecurity and, organizational resilience.

John Cohen:
Sure. Happy to. So the term multi dimensional threat is really a term of art that has emerged over the last year or so. And it really refers to the fact, and this was a result of some of the work that my team has been doing for the last three years is it's based on an understanding that foreign and domestic threat actors, whether they be foreign intelligence services, terrorist groups, violent groups here in The US even criminal organizations that are involved in human smuggling, drug trafficking, and, and other potentially violent crimes, they no longer look at cyber information operations, and physical threats as separate and distinct areas of activities. In fact, what we found is that all of these threat actors have fully embraced the power of the internet. They are typically using cyber, information operations intended to, influence behavior. They're leveraging online capabilities to facilitate acts of violence or disruptive activities in a coordinated and integrated way. And unfortunately, what we also found though, is that many of my colleagues across the country who are still involved in, you know, intelligence and threat analysis, cybersecurity or even law enforcement investigations are still tended to look at these different areas of threats separately.

John Cohen:
And it was compromising both their understanding of the threat and their ability to mitigate the threat. So, you know, my program is called the countering hybrid threat program. Quite frankly, we named it that because it had no definition here in The United States. And I really didn't want to be predefined, and get pulled into any potential political rabbit holes. But it has grown, it has grown in The US or the understanding of the threat environment has grown in The US over the last three years to where, you know, frontline law enforcement and security organizations are coming to, coming to a greater understanding of just the dynamic and rapidly evolving threat environment they're facing, which is multidimensional.

Rachael Lyon:
Right. Wonderful, wonderful, Naiman. And so in this context then, you know, when we're looking at multidimensional threats, how do I mean, how do you even start shaping response plans that historically have been more, you know, just cyber focused or just physical focused? How do you evolve there?

John Cohen:
Yeah. Great question. So the first way, and this is something that we've, been very busy doing at the Center for Internet Security is providing awareness to those responsible for protecting facilities, protecting information systems, protecting communication capabilities, for protecting public officials, giving them greater insights through our analysis on the threat. And again, when we look at, you know, online activity, for example, we're not just trolling across the Internet looking for people saying certain words. We have, experts who understand how terrorist groups operate. We have experts that understand how foreign intelligence services operate. We know where they're communicating online. We, we understand how they're using, you know, information operations or cyber attacks to advance their strategic and tactical goals.

John Cohen:
And we try to translate that information, so that, intended targets have a better indication that they are one being targeted and how they're being targeted.

Jonathan Knepher:
So

John Cohen:
we're looking at targets and tactics as well as specific threat threat actors. The second thing we do is we help to facilitate, advanced planning. You know, in the lead up to the twenty twenty four election, we we not only provided law enforcement election officials, emergency managers, you know, chiefs, you know, information security officers, a comprehensive assessment of the types of threat related activity they would see. But then at a local level, we sat down with those same local officials and we walked through the threat scenarios and then they walked through, you know, advance in advance how to respond to it. And we can get into this a little bit later, but unfortunately what we saw was that every threat we anticipated, whether it be a physical threat or the use of cyber and disruptive activities in a simultaneous manner all came true. You know, one example is on election day itself. We had a hundred locations targeted, by an entity abroad in a coordinated effort to disrupt voting, in a hundred different polling sites, but there was no major disruptions. And the reason was because people were prepared, local governments were prepared.

John Cohen:
And I will tell you one just funny thing for me was, helping to facilitate one of these round tables. We have a police chief, a fire chief, the CISO, we have the emergency manager. We have the election lead for a county in Texas. And at one point I found myself in this discussion where they were talking about unified incident command and how you would incorporate the cybersecurity team into the command center, the operation center, and the location because they were preparing for a threat scenario that included a physical attack and a denial of service attack directed at the communication nodes that the city relied upon to facilitate emergency responses. So I found myself actually stopping the tabletop saying, look, I know a lot of you. And I know that we've been talking about unified incident command, you know, in earnest after September 11, I've never sat here in a conversation like this and and seeing people get so excited to incorporate the cybersecurity folks into this type of, scenario planning.

[07:48] How Prepared is the U.S. at the Federal, State, and Local Level

Jonathan Knepher:
That that's exciting, and it it sounds like that was quite successful. What where do you think we stand overall on preparedness, for these kinds of unified and multidimensional attacks? And if we're not prepared, do you think regulations will be coming along to to kind of force that preparedness?

John Cohen:
Yeah. Yeah, that's a really interesting question. I think we are better prepared today primarily because state and locals are better prepared. And I, you know, what I've seen in this, I take no pleasure in saying this, you know, I went back into government in, January of twenty twenty one, against the wishes of my wife, I will add, who literally gave me one year to, to go back into government because, you know, her, her position was, I've done my, I had done my time and it was time for somebody else to do it. But I was so concerned about the threat and I was so concerned about how the threat was evolving. But what I found is that at the federal level, they just were not prepared, you know, during the last administration to take on this evolving threat because it really forced people out of their comfort zones. The flip side of that was that state and locals were willing to take it on because they were seeing the impact of the threat in their local communities. I mean, you know, in the area of information operations where foreign intelligence services, such as those associated with Russia would put content online, They, what we found is that they shifted to, to trying to impact local conditions, through these information operations.

John Cohen:
So by working with groups like major city chiefs and major county sheriffs and the national sheriffs association and the National Fusion Center Association working with homeland security officials from state governments across the country. We all we not only were able to build greater awareness amongst that area of government, but also, the types of planning to be better prepared. So I think, you know, I'm pessimistic about a lot of things. I think the threat environment is not getting any better. In fact, in many ways, it's getting more dangerous and more dynamic, but I'm somewhat optimistic that the state and local governments around the country and the private sector are beginning to step up. You know, even as there are questions about where the federal government will be in this space over the next several years.

Rachael Lyon:
That's fantastic to hear because, you know, historically, you know, years ago, the state and local that I was always kind of lagging behind and always struggling with budget and, you know, all the other things that they come with operating in those those domains. So it's wonderful to hear, the interest and, how they're moving that forward because they have to. I mean, they they're targeted so much now. We've seen that over the last few years that they become the more vulnerable targets, that have significantly high impact too.

John Cohen:
Yeah, absolutely. I mean, one of the things our assessment, relating to the 2020 of our election showed is that, we were seeing increased levels of threat being directed at state and local officials, not just election officials, but law enforcement officials and other elected officials. We were seeing increased levels of cyber activity. You know, we've all heard about the ransomware attacks that were taking out some county systems for weeks. But what was also interesting is that we were seeing increased use of denial of service attacks directed at, nine eleven centers, websites operated or social media accounts operated by state or local governments that they used to communicate with the public. We were seeing an increase in information operations intended to undermine confidence in state and local government entities, not just the election sector, but also other parts because what the adversaries wanted is that when they were engaged in these activities, they didn't want people to trust what was coming out of the mouths of government. And then we saw a dramatic increase in the use of disruptive events, whether they were demonstrations organized and facilitated by people abroad, or, bomb threats that originated from overseas that were intended to disrupt government operations. And then as I mentioned earlier during the election, the conduct of the election.

John Cohen:
And, you know, there are a couple of things, you know, sometimes when I talk to people who have worked in cybersecurity for long periods of time, and I mentioned denial of service attacks, they'll say, you know, that's not really a serious cyber attack, right? It's it's it's irritating and it disrupts maybe the conduct of a call center. But for when we're looking at serious cyber attacks, that's that's not, you know, something that, you know, we consider to be all that serious, but that may be true tradition, traditional thinking. But if a a terrorist group or a foreign intelligence service is trying to disrupt an election, for example, or they're trying to disrupt a political convention and they're able to, you know, encourage and facilitate acts of violence or disruptive events, and at the same time, take out the ability of a local government to coordinate because they've taken out their communication capabilities or they have impeded the ability of the public to make a call into a 911 center, then it is a serious cyber attack. There's another example, you know, where, a water management system in rural Pennsylvania last year was targeted. And to me, the cyber attack was really interesting because, a Iranian link group was able to penetrate the controller of the water system, and they could have potentially disrupted the water supply or actually introduced chemicals into the water supply, but they didn't do that. What they did was they posted anti Israeli pro Hamas symbology on the monitors of that water management system. And again, the initial response was, okay, this wasn't serious. You know, there's no poison put into the drinking water.

John Cohen:
19 discovered this not because we heard reports from the water management system, but because on a telegram channel associated with this hacking collective, they were posting claims of responsibility for that cyber attack as well as 10 others or somewhere around 10 others across the country. And it the the claim of responsibility quickly migrated from one or two telegram channels to X to within twenty four hours. Over a million people in The US were aware that this water system had been the victim of a cyber attack. And it started people calling into question the integrity of our wastewater and drinking water management systems across the country to the point where EPA and the federal government had to create a task force to, you know, ensure the safety of our drinking water. That was their goal. The goal was to undermine confidence. And so this is the way we have to start thinking differently. Is that a cyber attack, the intent may not be simply to take down a system or disrupt what the system is controlling, or even, to exfiltrate data from that system.

John Cohen:
It may be simply to be discovered so that it can be used as part of an information operation to sow discord, undermine confidence in government, destabilize our society.

[15:26] Handling Information Warfare and Public Trust

Rachael Lyon:
And that, sorry, John, I, I have a follow-up question because I'm really fascinated with this topic. You hear a lot kind of in that vein, right? They want to sow, you know, kind of lack of confidence, confusion, and there's been a lot of talk of we need to give it right back to them in the same way. How do we help somewhat undermine them or get them questioning one another? You know, how how do you plan such an engagement or initiative?

John Cohen:
Yeah. You know, that, that, you know, I, I think we've struggled as a nation on how to deal with these issues, this issue in particular, right? I mean, the, the use of, you know, these online communication tools are so pervasive across our society and they really have become ingrained. I mean, it's impossible to shop, acquire information, communicate with like minded people, with and engage in other sort of core societal activities without being online, without using social media, without, and that makes us vulnerable, you know, and you know, so much of our time and I think what I'm gonna say here is gonna be a little, provocative here, but for so often our governmental approach at the national level was let's identify, you know, hate speech and other other speech that is problematic and work with the platforms to remove that content. I actually have come to believe that that was the wrong approach. And I think we're we're we're learning that now, in that and I think it takes you down a path where you have to deal with really complex, complex constitutional issues, you're putting platforms in the in the position of moderating speech. And then from a tactical perspective, an operational perspective, it actually really isn't that helpful because as we've learned when terrorist groups were beginning to use internet based forums to recruit people or inspire attacks, understanding what they're saying and what they're asking people to do is really helpful from, you know, an understanding of the threat and developing threat mitigation strategies. So what do we do? First thing we need to do is the public has to be better educated. You know, if you're getting your news or you're getting your information online, you're probably being targeted with information that's being placed there specifically to confuse you.

John Cohen:
So we need to become, I think it was Cy Sims in the old clothing store change that used today, used to say, be an educated consumer. Well, you have to be an educated consumer when you're getting information online. Second, law enforcement and our security community need to understand that the threats of yesterday are gone and that they need to understand how these threat actors, again, whether you're a, a narcotics trafficking organization, a human smuggling group, or a terrorist group or a foreign intelligence service, we need to understand how they're using these online resources. We need to look at the content they are posting and extract from that. What are they trying to accomplish? What are they trying to attack and how are they going to do that? And then get that hands into people who can take steps to mitigate. I'll give you an example. When I was a police officer, I was assigned to a drug task force and, you know, advanced technology back then. I'm dating myself a little here were pay phones and pagers.

John Cohen:
Right? And, and the idea was to use those devices to facilitate in person meetings where drugs and currency were exchanged in person today. It's, you know, retail transactions are and wholesale transactions are increasingly taking place on the dark web. The currency of choices, Cryptocurrency instead of using trans shippers who have been recruited, trained and and who are considered trusted. Trafficking organizations are, are recruiting one time trans shippers through the use of dating apps and other social media platforms. And they're and and they're also shipping for retail sales. So using commercial shipping. So my point here is that if you continue to plan and train your your enforcement personnel to look use payphone pagers and do in person meetings, you're gonna miss a lot of very dangerous criminal activity. So what we really need to do is fully embrace just the same way the bad guys have embrace the fact that the Internet is become a part of the tactical toolbox of these threat actors.

John Cohen:
And we need to adapt our investigative and threat mitigation activities accordingly. And we need to talk to each other. I mean, just like we learned after September 11, that stove pipes get people killed. Well, if your cyber security team is not talking to your law enforcement folks, or, your other folks that are responsible for physical security activities, then you're going to miss things.

Jonathan Knepher:
So move moving from that, like how, how does the Center of National Security's framework for action kind of help support these activities and and bringing these groups together?

John Cohen:
So that's so we released the framework. It, you know, we worked very closely over about a one and a half year period to better understand the threats. So the first thing we tried to accomplish through the framework was to be sort of an educator, right? So that, you know, members of Congress, state and local officials, those working in federal, you know, organizations such as DHA, you know, Department of Homeland Security, FBI, Justice Department would, would be able to benefit from the, the story we could tell about how the threat environment has evolved. We also provided some specific recommendations of what the nation should do, to be better prepared to deal with this. And then we at CIS, we took a step back and said, okay, so what are the things that are appropriate for us to do? And it's really, we've really focused primarily on two areas of activity. First, we've continued our analysis. You know, we have, I now have about close to 20 analysts, full and part time analysts who are working day to day, to, identify, threat related trends and specific threat related information. So on any given day, we may be sending out to law enforcement, you know, three or four advisories on different threats that are materializing or separate incidents.

John Cohen:
You know, there was a shooting, yesterday at Florida State University. My team was involved in identifying information online information that provided insights regarding that, that suspect, and providing that in essentially real time to law enforcement officials around the country. That's something we do every day. We also, you know, have recently released, in-depth analysis on, on Dynet and Dark Storm hacking collectives. We have looked at threats to the judiciary. We've looked at threats to law enforcement based on, current activity. So a lot of our focus, continues to be on the analysis part of this, the threat analysis. We've also through something we call the secure cyber cities program are beginning to work specifically with, you know, jurisdictions to help them organize themselves, to deal with these types of activities, Stanford, Connecticut, and Huntsville, Alabama are two of our pilot sites.

John Cohen:
And we're looking to expand that program, but there's other areas where, you know, we have not sort of taken a lead because it falls outside of the traditional and evolving role of the Center for Internet Security and that's building, you know, community resilience to the violence that so often is being inspired by the consumption of online content. And so those are activities that, you know, we're hoping to encourage others to sort of step up and focus on, because it's such a vital part of this, but we've really focused on continuing threat analysis and getting that information into the hands of people who are responsible for protecting systems, facilities and people, and helping local jurisdictions, organize themselves to be more resilient to and better able to deal with these types of incidents.

[23:53] ThreatWire: Democratizing Intelligence and Intelligence Sharing

Rachael Lyon:
Could you, we talked a little bit about this before we we got on the podcast. I would love if you could share with our listeners, about the ThreatWah initiative, because I think this is a really important program initiative that you're standing up and, we'd love to talk through that a little bit more.

John Cohen:
Yeah. So ThreatWah is one of the ways that we at CIS communicate this information to, you know, as broad an audience as possible. You know, in addition to ThreatWire, which I'll describe in a second, we also provide through communication channels, you know, real time alerts and trends analysis to law enforcement. It's typically a lot more detailed. It's built on the, what they have told us is important to them and what we've experienced over the last few years and working closely with law enforcement. We also do a lot of briefings. I'll be briefing, I think, close to 600 judges, in June, in Arizona on the threat environment and the threats to the judiciary. But we, we, we wanted to have a way to share for, you know, with academics, with think tanks, with policymakers, not necessarily people who are responsible for tactical operations, but people who are thinking about big policy ideas and you know, whether it's as you talked about John, some type of regulatory structure for ensuring that we're better able to deal with these threats, or whether it's people looking at issues such as, you know, the weaponization of, of government and, and, or, or how you deal with, you know, those companies, those tech companies that are involved in promoting this type of content.

John Cohen:
And we sort of settled on, hey, we need to have a shorter pithy or version that is a, in the words of Jack Friday, just the facts, right? And so it's geared towards people who don't necessarily need to know the technical nomenclature of a piece of malware, but do need to know that a, a Russian linked hacking collective is, is promoting, certain types of cyber activity in advance of their geopolitical objectives. So that's what ThreatWire is and what a subscriber to ThreatWire receives, is a combination of weekly threat updates. So whatever we've been working on with, cyber and law enforcement officials the week before, we're doing, summaries of that, those types of threat related activities and getting that out the door to the subscribers to ThreatWire. You also get trends analysis. So some of the detailed trends analysis we've done on some of these cyber collectives, on some of the information operations, which is really important, particularly if you're a private sector company, which is also one of the target consumer groups we're looking at because, you know, increasingly criminal organizations and intelligence services are seeking to undermine the brand of US based companies by conducting information operations. So they're taking the Russian active measures playbook that's been used to advance their military and intelligence priorities. And they're taking that same playbook and these threat actors are directing those activities to US based companies so that people, you know, their stock value may be impacted or that people won't want to buy their products and services or people may want to vandalize, their products or their dealerships, or even conduct cyber attacks against some of their, their, their holding companies. And then, what you also get with ThreatWire is the ability to not only pick up the phone, I know I'm old fashioned and call an analyst and get some additional information on something we've put out, but it also provides you a direct pathway that if you want some unique analysis done for yourself, we can do that as well.

Jonathan Knepher:
So you talked a little bit about your, you know, educational side of that and and and so on. Can you can you talk some more about the processes and partnerships that, that you're using here to both collect and validate, but, and, and disseminate this information?

John Cohen:
Yeah, absolutely. So we'll work, you know, as I mentioned earlier, we work really, really closely with some of the major law enforcement associations. You know, they've been great partners, major city chiefs, major county sheriffs in particular national sheriff's association. We work very closely with, the state and major urban area fusion centers, across the country. There's 82, I think of them, across every state and major urban area. These are analytic, facilities, that, that bring together federal state local folks, and we're working close partnership with them. We're working with organizations like, FIFA, in, in light of the fact that, the club games and world games are going to be, held in The United States, Canada and Mexico, in 2025 and '26. So we work with, with organizations such as that.

John Cohen:
We also work with, and we have been working with those in the federal government. You know, I will tell you, I kind of felt torn when I would do briefings for people in the federal government and they would say to me, John, we're really glad you're doing what you're doing. It's very needed. I wish we were doing it, but we can't. I mean, so on the one hand, I was glad that we were able to help fill a void. On the other hand, I couldn't help but think to myself, why, why the heck do I have to do this? You know, I mean, this is not something that that a nonprofit should have to step up and organize. And I think just organically because of some of the work that was done by CIS over the years and the objectivity and the trust that it has developed with key organizations that just organically began became the place where a lot of this work was and could could and be done and be received be received, you know, objectively by people. But, you know, so those are some of the communities that we work with.

John Cohen:
We, we worked with some of the other ISACs. I know, you know, from time to time we'll work with, folks from the financial services ISAC, from the water ISAC, the faith based ISAC, because a lot of our analysis was focused on threats to faith based communities across the country. So we try to have a big net, in the in the folks that we work with, and try to bring them together.

Rachael Lyon:
So on this on this front, threat wise, just it's it's such an important initiative that you're doing. And and, I'd be curious on how you're measuring the impact and effectiveness in helping folks deal with these real time threats and reducing risk, but also in the context of having that information so you could scale an initiative like this. Right. And have it modeled in in other places. So, how does that work?

John Cohen:
Yeah. So that's the real challenge, right? You know, with our, with our communication with law enforcement, it's a lot easier. I mean, I know that dozens of threat reports that we've produced have resulted in either federal, state or local investigations and arrests, threats being mitigated. You know, I know that we have been able to actively warn, law enforcement agencies that they were about to be targeted for a cyber attack. And they were able to take steps. I know that some of our real time threat reporting has allowed jurisdictions to, to block, incoming cyber attacks, because we were able to get information to them and allowed them to adjust their security posture. But with threat law, you know, right now, it's a little bit harder. And what we're trying to do initially is to make sure that what we're providing is bringing value added to the people who are reading it.

John Cohen:
So most of our evaluation, I know this isn't directly responsive to your question, but most of our evaluation is by talking to the people who are receiving it and saying, look, is this helpful? And, and what we hope to do as the subscribing, the subscriber base grows is to be able to incorporate the types of metrics you're talking about, you know, having, but, you know, in the cyber world, as you know, I mean, in the law enforcement world, you know, it's a little bit easier, right? If you see that somebody is saying, I'm going to kill X and you're able to get that to law enforcement and they they're able to stop that, that's pretty concrete. And people are willing to talk about that. We still wrestle in the cybersecurity world with the fact that if vulnerabilities are discovered to actually exist or attacks, you know, or a presence, a mal presence is detected in one's network, people are still reticent to to share that information, share that observation. So, you know, I I think this is one of the things we're still working on is trying to to measure success.

Rachael Lyon:
And I'm going to have to push the pause button right here. We're enjoying our conversation with John so much. We wanna come back next week for a part two continuation of this great discussion on multidimensional threats. Please be sure to tune back in. And as always, thank you for joining us. Until next time, stay safe. Thanks for joining us on the To the Point cybersecurity podcast brought to you by Forcepoint. For more information and show notes from today's episode, please visit forcepoint.com/podcast.

Rachael Lyon:
And don't forget to subscribe and leave a review on Apple Podcasts or your favorite listening platform.

About Our Guest

John Cohen, Executive Director, Program for Countering Hybrid Threats, Center for Internet Security

John D. Cohen currently serves as the Executive Director for the Program for Countering Hybrid Threats at the Center for Internet Security. In that role, he works closely with law enforcement, mental health, and civil society organizations across the Nation to address issues relating to the impact of social media and the Internet on crime, violence, community safety, and constitutional protections. He is also an Adjunct Professor at the Georgetown University Security Studies Program. From January 2021 through April 2022, he served as the Assistant Secretary for Counter-terrorism and Law Enforcement Policy, Coordinator for Counterterrorism and the Senior Official Performing the Duties of the Under Secretary of Intelligence and Analysis at the United States Department of Homeland Security. Prior to his most recent service at DHS, Cohen is also an on-air expert for ABC News on homeland security, terrorism, counter-intelligence, and law enforcement issues.

Cohen has four decades of experience in law enforcement, counter-intelligence, and homeland security. He has studied mass casualty attacks and is currently studying the impact of Internet-based communications technologies on crime and homeland/national security. During the Obama Administration he served as the Acting Under-Secretary for Intelligence and Analysis (I&A) and Counterterrorism Coordinator for the United States Department of Homeland Security (DHS). During his time at DHS, Mr. Cohen was a direct adviser to the Secretary and he oversaw the development and implementation of a number of high visibility Department-wide crime prevention, counterterrorism, counter-intelligence and border and transportation security initiatives. Mr. Cohen also led the Department’s efforts to establish multi-disciplinary programs focused on: countering violent extremism; preventing and responding to mass casualty/active shooter attacks; improving information sharing; and expanding DHS’ interactions and collaboration with state and local law enforcement organizations, private sector companies and faith-based organizations.

During the Administration of George W. Bush, Mr. Cohen served as the Senior Advisor to the Program Manager for the Information Sharing Environment, Office of the Director of National Intelligence, where he authored and coordinated the implementation of key components of the 2007 White House National Strategy for Information Sharing.

Mr. Cohen has an extensive background in homeland security and law enforcement operations and policy development. He was Senior Homeland Security Policy Advisor to a number of State and local officials including Governor Mitt Romney of the Commonwealth of Massachusetts and Janet Napolitano, Governor of the State of Arizona. In 2004 he was selected by the National Journal as one of the “100 Key People in Homeland Security.” He was also named “Law Enforcement Person of the Year,” by Law Enforcement News for his work in developing and establishing a national non-emergency number, 3-1-1. During the Clinton Administration, worked closely with drug treatment providers, educators and law enforcement agencies in Maryland, DC, and Virgina while establishing the Washington – Baltimore High Intensity Drug Trafficking Area Program. He also served as an advisor to the Maryland State Government on criminal justice issues and drafted the State’s first homeland security strategy after the attacks of 9-11. He has worked within the private sector and has held a variety of government positions including: Special Agent, Office of Naval Intelligence; Police Detective and Patrol Officer, City of Gardena, CA; Senior Investigator, House Judiciary Committee, U.S. House of Representatives; and Senior Policy Advisor to the Director, Office of National Drug Control Policy, Executive Office of the President of the United States. He is the recipient of a number of awards and commendations including the Drug Enforcement Administration “Administrator’s Award,” The South Bay “Medal of Valor,” and the Department of Homeland Security’s “Distinguished Service Medal.”