Marin County, California, is facing increasing challenges in safeguarding its government agencies against cyber threats, according to insights from the Marin County Civil Grand Jury. A recent report by the panel revisits issues highlighted in last year’s review, emphasizing the need for improved cybersecurity measures across various county agencies.
The report points out that two Marin agencies were targeted in cyberattacks within the past year. Last July, the Marin Housing Authority fell victim to a phishing scheme, resulting in a loss of $950,000. The attacker masqueraded as a vendor and redirected funds through what appeared to be routine transactions. As of now, none of that money has been recovered, the grand jury noted.
In a separate incident, more than 190,000 hacking attempts were made on the Sausalito city website in March, all within a single day. City officials successfully thwarted the attack, but it prompted the City Council to cancel a scheduled meeting and defer agenda items. The grand jury underscored the persistent threat that cybercrime poses to local municipalities.
Previously, between 2017 and 2018, Marin County experienced five cyberattacks on its government systems. This included an incident that led to $309,000 being wire-transferred to a hacker’s account after financial staff were misled. A prior grand jury investigation revealed that all 11 municipalities in Marin were implementing or had already adopted many of the cybersecurity recommendations made in 2020.
In an effort to bolster cybersecurity across the county, officials established the Marin Security and Privacy Council, aimed at providing municipalities with best practices and guidance. The grand jury had previously urged county supervisors to consider the formation of a joint powers authority dedicated to cybersecurity, which could acquire and operate resources to defend against cyber threats.
Liza Massey, the county’s chief information officer, mentioned that interest in the joint powers authority was minimal among city representatives. Some municipalities expressed a willingness to consider collaboration, provided costs were manageable, while others were content with their existing cybersecurity measures.
According to the latest report, Marin County’s Information Systems and Technology (IST) department is tasked with supporting the cybersecurity framework for various county departments and special districts. However, key components of the cybersecurity infrastructure at the Marin Housing Authority and Marin Transit District are managed by third-party contractors, leaving a significant portion of the systems decentralised.
The grand jury cautioned that this fragmented approach to information systems presents challenges in securing data and managing resources effectively. It recommended that all departments centralize their operating systems under the IST, which would streamline oversight and minimize risks related to cybercrime.
Massey confirmed that the IST remains the primary source of cybersecurity resources for county agencies, including the sheriff’s office, and has been actively working with the Housing Authority to investigate and address issues stemming from last year’s breach.
The grand jury’s report includes six new recommendations aimed at guiding county authorities. Among them, the jury advocates for the centralization of enterprise operating systems for all county departments, and for the IST staff to oversee computer security for Marin Transit and the Housing Authority. Additionally, it suggests that the county transition all website domains from .org to .gov by the end of the year to enhance public recognition of government-operated sites.
“We are reviewing this report for its new recommendations and preparing our responses,” Massey stated. Meanwhile, Kimberly Carroll, director of the Housing Authority, confirmed that she will provide a direct response to the grand jury’s findings.
Marin County Supervisor Mary Sackett, who leads the board, indicated that the county will address the report’s findings, though she did not elaborate further.
This report is available online for public access.
This article was automatically written by Open AI, and the people, facts, circumstances, and story may be inaccurate. Any article can be requested for removal, retraction, or correction by writing an email to contact@publiclawlibrary.org.