title
Authorize the Chief Information Officer, with concurrence from the County Administrator’s Office, to provide mutual aid to regional local governments and agencies in the event of a cyber incident; Authorize the County Administrator to enter into Memorandums of Understanding to establish two-way cybersecurity services mutual aid agreements with local governments and agencies; and Authorize the County Administrator, with concurrence from County Counsel, to make technical changes to the Memorandums of Understanding
body
Published Notice Required? Yes ____ No _X _
Public Hearing Required? Yes ____ No _X _
DEPARTMENTAL RECOMMENDATION:
The Department of Information Technology (DoIT) recommends that the Board of Supervisors:
1. Authorize the Chief Information Officer (CIO), with concurrence from the County Administrator’s Office, to provide mutual aid to regional local governments and agencies in the event of a cyber incident; and
2. Authorize the County Administrator to enter into Memorandums of Understanding (MOUs) to establish two-way cybersecurity services mutual aid agreements with local governments and agencies; and
3. Authorize the County Administrator, with concurrence from County Counsel, to make technical changes to the Memorandums of Understanding.
SUMMARY:
In today's digital age, local governments are increasingly reliant on technology to deliver critical services, manage infrastructure, and communicate with citizens. This reliance on technology also makes them vulnerable to cyber incidents, such as ransomware attacks, data breaches, and other forms of cybercrime. A mutual aid agreement for responding to cyber incidents is part of a strategic effort for local governments to enhance their cybersecurity, ensure continuity of operations, and protect sensitive data.
A mutual aid agreement allows local governments to collaborate and share resources, expertise, and support during a cyber incident. This collaboration can significantly reduce the time it takes to respond to and recover from a cyber attack, minimizing the impact on public services and infrastructure. Furthermore, such agreements foster a proactive approach to cybersecurity by encouraging information sharing and joint exercises, helping to identify and mitigate potential threats before they escalate.
The benefits of a mutual aid agreement include cost savings, as the pooled resources may reduce the need for each entity to independently invest in expensive cybersecurity measures. It also ensures access to a broader range of expertise, as local governments can tap into the knowledge and experience of their peers. Additionally, a coordinated response reduces the risk of isolated and inconsistent actions that could exacerbate the situation.
FINANCIAL IMPACT:
The costs associated with coordinating with local agencies are absorbed by the Department’s FY2024/25 Working Budget. Any requests for mutual aid will be considered within existing departmental appropriations and resources.
DISCUSSION:
In discussion with senior information technology leaders from local city governments, the desire and intention to establish an MOU outlining mutual aid agreements to work as a regional team during a cyber incident has broad support. The Draft MOU is included as Attachment A. The MOU seeks to authorize the use of county or city resources to assist in a cyber incident response, but it does not obligate either party.
The intention is for a responding agency to offer resources and assistance as suitable to the incident without meaningfully degrading the responding agency’s ability to fulfil their own mission. Close coordination with the County Administrator’s Office during a response will be necessary to ensure wise use of County resources should the County be asked to provide mutual aid to a city or agency. The expectation is that cities would exercise the same level of internal control should the County make a request for mutual aid. The type of resources that could be anticipated to be offered include staff time, spare equipment to loan out, and/or physical office space with safe networking connections.
A mutual aid agreement is a vital tool for local governments to strengthen their collective cybersecurity defenses, enhance resilience, and ensure the continued delivery of essential public services in the face of evolving cyber threats.
The CIO in coordination with the County Administrator will be working to finalize the Draft MOU with the cities. If any substantial changes to the Draft MOU are identified during this process, the revised MOU will be presented to your Board for approval.
ALTERNATIVES:
The Board could choose not to authorize mutual aid response to local governments and agencies. This is not recommended as establishing proactive mechanisms to support local governments and in turn be supported by other local governments can be of benefit during a cyber incident response.
OTHER AGENCY INVOLVEMENT:
DoIT coordinated with the County Administrator’s Office and County Counsel on the MOU and intentions to offer mutual assistance.
CAO RECOMMENDATION:
APPROVE DEPARTMENTAL RECOMMENDATION