title
Receive a presentation and consider adopting a resolution recognizing October 2023 as National Cybersecurity Awareness Month
body
Published Notice Required? Yes ____ No _X _
Public Hearing Required? Yes ____ No _X _
DEPARTMENTAL RECOMMENDATION:
The Department of Information Technology recommends that the Board of Supervisors receive a presentation and consider adopting a resolution recognizing October 2023 as National Cybersecurity Awareness Month.
SUMMARY:
National Cybersecurity Awareness Month is a nationwide effort held each October to raise awareness about the importance of cybersecurity. The U.S. Department of Homeland Security (DHS) leads the outreach effort, and has received support from other Federal, State, and local agencies, as well as industry partners and centers of research. For 2023, the DHS’ National Cybersecurity Awareness Month campaign is, “It’s easy to stay safe online.” This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. Recognizing October as National Cybersecurity Awareness Month also complements the Board’s priority of addressing election security and will facilitate outreach to present a unified message to the general public.
FINANCIAL IMPACT:
The costs associated with preparing this agenda item and informational messaging are nominal and absorbed by the department’s FY2023/24 Working Budget. The costs associated with preparation and purchase of the resolution materials is included in the Board’s FY2023/24 Working Budget.
DISCUSSION:
The 2023 theme of “It’s easy to stay safe online” encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
In 2023, ransomware attacks are not only getting more targeted and sophisticated, but they are getting more costly to recover from. To address the ransomware threat, the Department of Information technology (DoIT) has implemented security technologies to reduce the risk and impact of a ransomware infection in the network.
This year DoIT has implemented a variety of measures to increase cybersecurity within the network. DoIT completed deployment of the KnowBe4 Phish Alert button on Outlook clients, allowing our users to instantly report suspicious emails directly to DoIT. DoIT has also implemented passwordless authentication using YubiKey smart card in the County domain. YubiKey smart card are hardware-based security tokens that provide multi-factor authentication (MFA) when authenticating to systems using domain administrator accounts. Additionally, DoIT recently completed the deployment of Privilege Identity Management (PIM), enabling DoIT to manage, control, and monitor access to important resources in Microsoft Azure cloud.
DoIT periodically organizes tabletop exercises focused on ransomware attacks to assess and enhance the effectiveness of our incident response plan and playbook.
Cybersecurity awareness training to County employee will continue to be offered. This training is updated regularly and available on an annual basis for County employees to stay current on threats the County is likely to face. Formal declaration of National Cybersecurity Awareness Month by the Board of Supervisors will facilitate awareness to present a unified message to employees and the general public. Additional information on cybersecurity awareness can be obtained online at:
<https://www.cisa.gov/national-cyber-security-awareness-month>.
ALTERNATIVES:
The Board of Supervisors could choose not to receive the presentation and not adopt the attached resolution; however, this alternative is not recommended as adoption by the Board will signal the importance of developing positive, lasting cybersecurity habits.
OTHER AGENCY INVOLVEMENT:
Cybersecurity and Infrastructure Agency (CISA), a subdivision of the Federal Department of Homeland Security is a key partner in cybersecurity.
CAO RECOMMENDATION:
APPROVE DEPARTMENTAL RECOMMENDATION