Title
a. Authorize the Director of Information Technology to execute a Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) Cyber Assessment Rules of Engagement in order to allow an upcoming no-cost cyber Red Team Assessment (RTA) to be performed by CISA as a mean to proactively test the County's cybersecurity defenses.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
a. Authorize the Director of Information Technology to execute a Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) Cyber Assessment Rules of Engagement in order to allow an upcoming no-cost cyber Red Team Assessment (RTA) to be performed by CISA as a mean to proactively test the County's cybersecurity defenses.
SUMMARY/DISCUSSION:
With the ongoing threats to local government including but not limited to ransomware, the activities of nation state actors and threats to election security, the IT Department is registering for a no-cost Red Team Assessment from Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) in order to audit and test the county's cyber security defenses and incident response procedures. The goal is to obtain a review of these defenses and procedures and to subsequently improve or correct them as necessary.
In order to assist a variety of stakeholders to ensure the cybersecurity of our nation's critical infrastructure, CISA offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust cybersecurity framework. CISA's cybersecurity assessment services are offered solely on a voluntary basis and are available upon request.
A CISA assessments Red Team Assessment (RTA) is a comprehensive evaluation of an IT environment where the CISA team attempts to gain unauthorized access into and persistence within the requesting ent...
Click here for full text