The URL can be used to link to this page

Home My WebLink AboutDS Response to Grand Jury Report - Cyber Preparedness - Are We There Yet PPTSan Rafael’s Cybersecurity Preparedness San Rafael’s Response to the Marin Grand Jury Report on Cybersecurity Background •Rise in incidents and attacks in U.S. cities •2019-2020 Marin County Civil Grand Jury Report - Cyberattacks: A Growing Threat to Marin Government •COVID-19 increase in remote work •May 2021 Executive Order 14028 on Cybersecurity •2024 Marin County Civil Grand Jury Report – Cyber Preparedness -Are We There Yet? Cities & Counties Are Targets •Custodians of sensitive personal and financial data •Increase in remote work •Smaller cities have fewer IT resources •Ransomware targets •Phishing, social engineering, and viruses Cities & Counties Are Targets •February 2023 -Oakland, CA •May 2023 –San Bernadino County •July 2023 –Hayward, CA •February 2024 –Oakley and Pleasant Hill, CA •May 2024 –St. Helena, CA Summary of the Report •Marin Department of Information Services and Technology (IST) •Cybersecurity Best Practices •Third-Party Providers of IT, IS and Cybersecurity Services •Cybersecurity Plans •Insurance Risk Pools, Cybersecurity Audits and Cyber Insurance •Joint Powers Authorities •MIDAS •Collective Bargaining Agreements (CBA), Managed Service Agreements Key Findings •F1.Business continuity clause for IT Services •F2.Current,written contracts with IT providers •F3.Insurance risk pools for cybersecurity •F4.Adopted cybersecurity plan •F5.Joint Powers Authorities in Marin County •F6.County Collective Bargaining Agreements impact on Marin County Department of Information Systems &Technology negotiations Recommendations for San Rafael R1. Marin agencies should require a current (executed within the last five years), competitively-bid, written contract which includes business continuity language for any third-party Information Technology services they use. Recommendations for San Rafael R6. All Marin municipalities should: •a) take all steps necessary to acquire an appropriate .gov or .ca.gov domain. •(b) formulate and adopt a plan for rolling out a .gov or .ca.gov website and emails by the start of the 2025-2026 Fiscal Year. Cybersecurity Measures •Security Awareness training program •Equipment replacement program •Patching management program •Monitoring system •Onboarding and offboarding procedures •Multi-factor authentication for systems that support it •Single Sign On for high value systems •Password complexity and rotation polices •Disk encryption on all endpoints Cybersecurity Measures •Air gapped offsite backups •Endpoint Detection and Response deployed to all endpoints •Hardware inventory of all endpoints •Network segmentation •Content filtering on all endpoints •Store IT credentials in a Privileged Access Management system •Mobile Device Management for public safety mobile devices •Security Event and Incident Management (SEIM) •Disaster Recovery Environment Cybersecurity Government Partners •Membership of Marin Security and Privacy Council (MSPC) •Membership of Municipal Information Systems Association of California (MISAC) •Coordination with Cybersecurity & Infrastructure Security Agency (CISA) Incident Response Plan Incident Response Plan Current and Upcoming Measures •Public Safety Network Security •Cybersecurity Framework and Incident Response Plan •Policy for Governance, Risk, and Compliance •Planning for AB 1637 (.gov domain)