DEPARTMENT: Information and Technology Services Department
DEPARTMENT HEAD: Craig Hopkins, Chief Information Officer and Patsy Boozer, Chief Information Security Officer.
COUNCIL DISTRICTS IMPACTED: Citywide
SUBJECT:
Cyber Events Plan
SUMMARY:
In this briefing we will provide an overview of the City of San Antonio cyber team's roles and responsibilities and how they positively impact the cyber resilience of the CoSA network. We will then discuss the cyber event planning and execution that occurred in FY2018 and will continue in FY2019-FY2020. Additionally, we will discuss the advanced technologies of artificial intelligence and advanced learning. The last item of discussion will demonstrate how current and future planning will affect the future state of CoSA cyber security and resiliency.
BACKGROUND INFORMATION:
The City of San Antonio security team was established in 2012 and operates using the National Institute of Standards and Technology (NIST) cyber security framework. The cyber security team is designed and organized to implement within the five disciplines of the Cyber Security Framework (CSF), and it requires the use of innovative technologies to coordinate and execute cyber security training, table top and live fire exercises with the EOC, SAPD, FEMA, DHS, municipal and community partner representatives. A major component of the CSF is identification and detection, which requires 24/7, year-round cyber security monitoring of systems and networks. CoSA is working with municipal partners in the San Antonio area (City of San Antonio, CPS Energy, San Antonio Water System and VIA Metropolitan Transit) on the planning and design of a shared Municipal Security Operations Center. The end state vision is to become the model Urban Cyber Security Center of Excellence.
ISSUE:
A shared Municipal Security Operations Center (SOC) would allow us to share in the cost, monitoring, training and innovation required to become the model Urban Cyber Security Center of Excellence. The Municipal SOC concept will establish the following shared capabilities:
1. Preventing cybersecurity incidents through proactive, operational monitoring.
2. Monitoring, detection, and analysis of potential intrusions in real time.
3. Coordinating and integrating response to confirmed incidents.
4. Providing real-time situational awareness and reporting on cybersecurity status, incidents, and trends in adversary behavior to member organizations.
5. Integrating technical infrastructure and security procedures for partner collaboration.
6. Creating a security training ground for local talent through the CivTechSA program.
ALTERNATIVES:
This item is for briefing purposes only.
FISCAL IMPACT:
This item is for briefing purposes only.
RECOMMENDATION:
Continue to use innovative technologies to coordinate and execute cyber security training, table top and live fire exercises with the EOC, SAPD, FEMA, DHS, municipal and community partner representatives. Establish a San Antonio area Information Sharing and Analysis Organization (ISAO) so that members can participate in a cyber security information sharing ecosystem where information is commonly shared between organizations and ISAOs. Continue Municipal Security Operations Center planning, location selection, design, and build-out to realize the innovative vision of San Antonio becoming the model Urban Cyber Security Center of Excellence.