Legislation Details

File #: 22-713    Version: 1
Type: Financial and General Government Status: Agenda Ready
File created: 11/7/2022 In control: BOARD OF SUPERVISORS
On agenda: 11/15/2022 Final action:
Title: AUTHORIZATION TO APPLY FOR AND ACCEPT GRANT FUNDING RELATED TO INFORMATION TECHNOLOGY AND CYBERSECURITY OPPORTUNITIES (DISTRICTS: ALL)
Attachments: 1. 111522 CTO Grant Authority final, 2. Agenda Information Sheet grantfunding final signed, 3. 111522 CTO Grant Funding Authority Approval Log final, 4. 11152022 ag20 Speakers, 5. 11152022 ag20 Minute Order

 

DATE:

November 15, 2022

 20

                                                                                                                                                   

TO:

Board of Supervisors

 

SUBJECT

Title

AUTHORIZATION TO APPLY FOR AND ACCEPT GRANT FUNDING RELATED TO INFORMATION TECHNOLOGY AND CYBERSECURITY OPPORTUNITIES (DISTRICTS: ALL)

 

Body

OVERVIEW

In response to the unprecedented number of cybersecurity threats facing local governments, an increasing number of information technology and cyber security grant opportunities have been established by state and federal agencies. These grant opportunities are designed to help local governments address the ever-increasing cybersecurity risks and cybersecurity threats to information systems by domestic and foreign actors.

 

County Technology Office staff have been researching various recently announced programs and evaluating how the potential grants can improve the County’s current and future cybersecurity posture. Today’s actions authorize the Chief Information Officer, or their designee, to apply for and accept grants that provide opportunities to improve the information technology environment and cybersecurity posture of the County of San Diego.

 

 

RECOMMENDATION(S)

CHIEF ADMINISTRATIVE OFFICER

1.                     Authorize the Chief Administrative Officer, or their designee, through December 31, 2027, to pursue grant funding, submit applications, and accept awarded grants that provide opportunities to improve the information technology environment and cybersecurity posture of the County of San Diego.

2.                     Authorize the Chief Administrative Officer, or their designee, to execute all required grant documents, including any applications, agreements, annual extensions, amendments, and/or revisions.

 

 

EQUITY IMPACT STATEMENT

Today’s actions would provide the Chief Administrative Officer, or their designee, with the authority to apply for and accept grant funding that has the potential to improve the information technology environment and cybersecurity posture of the County of San Diego. Community engagement and outreach will be paramount to the success of any program that is implemented under this authority.

 

SUSTAINABILITY IMPACT STATEMENT

The request to apply and accept proposals to continuously improve the County’s information technology and cybersecurity infrastructure supports the County of San Diego’s sustainability goal of providing just and equitable access to County services, policy decision-making, and resource allocation in support of sustainable communities by protecting and providing resilience to the information technology systems the County uses to deliver public services.

 

FISCAL IMPACT

There is no fiscal impact associated with the authority to pursue grant funding. Staff will return to the Board as necessary to establish appropriations for grants that are awarded that cannot be supported by the Operational Plan at the time of award. There will be no change in net General Fund costs and no additional staff years as a result of today’s proposed actions.

 

BUSINESS IMPACT STATEMENT

N/A

 

Details

ADVISORY BOARD STATEMENT

N/A

 

BACKGROUND

Like all federal, state, and local governments, the County of San Diego (County) faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public services and data the County provides and maintains. The result of an attack on the County’s computer and information technology systems could impact its operations and damage the County’s digital networks and systems. The costs of remedying any such damage will be substantial. Prevention, detection, assessment, and remediation of cyber incidents is essential in maintaining data security and service provision. Recently the federal government, in conjunction with State of California have announced grant programs to help local governments improve their prevention and detection systems as well as remediation and recovery efforts to combat the persistent threat for malicious actors.

 

The County relies on a complex technology environment to conduct its operations. As a recipient and provider of personal, private and sensitive information, the County faces multiple cyber threats including, but not limited to, hacking, viruses, malware and other attacks on computers and sensitive digital networks and systems. The County uses a third-party contractor for its information technology services and that contractor provides security and technology functions and processes that protect the services and data of the County.

 

County IT system security requirements are based on IT Governance, defense in depth principles, people, process, and procedures, and from National Institute of Standards and Technology (NIST) and are designed to comply with federal and state regulations.  Processes and procedures have been designed to ensure the right controls are applied to the right systems in a predictable fashion. The result is a secure and compliant environment with a balanced use of resources to protect County processes, data, and assets.

 

In addition, the County has developed a number of business continuity, incident response and disaster recovery plans related to cybersecurity that it tests regularly throughout each year. The County also has a Learning Management System that is integrated into the County’s Security Awareness Training Program. The County continuously updates the content in this program using information from multiple training providers on topics like spam and phishing attempts.

 

Today’s actions authorize the Chief Administrative Officer, or their designee, to apply for and accept grants that provide opportunities to continue to improve upon the existing information technology environment and cybersecurity posture of the County of San Diego. This action will enable the County to apply additional resources to improve the cybersecurity posture and continuously improve information technology infrastructure while also supporting innovation in these areas. 

 

The authority would remain active through December 31, 2027, unless rescinded by the Board, to allow for the continued review of grant opportunities that the County could leverage to assist improving the information technology environment and cybersecurity posture of the County of San Diego.

 

LINKAGE TO THE COUNTY OF SAN DIEGO STRATEGIC PLAN

Today’s proposed action to authorize the Chief Administrative Officer, or their designee, to apply for and accept grants that provide opportunities to improve the information technology environment and cybersecurity posture of the County of San Diego supports the Sustainability, Equity, Empower, Community, and Justice Strategic Initiatives by providing additional opportunities for the County to receive funding that can directly benefit our residents and businesses and help our regional economy grow.

 

Respectfully submitted,

HELEN N. ROBBINS-MEYER

Chief Administrative Officer

 

ATTACHMENT(S)

N/A