CrowdStrike outage could boost Marin County’s cybersecurity preparedness

A recent CrowdStrike software update failure could have a significant impact on answers given to a Marin County grand jury next month following its report on modernizing and securing the county’s databases and computer systems at all levels of government.

The report contains four recommendations for consideration by boards and public agencies aimed at protecting online content and information from hackers and other malicious actors.

While the CrowdStrike outage was not the result of a cyberattack, ransomware attacks on California public agencies were widely publicized last year, according to the grand jury report.

The Marin County Grand Jury has the authority to conduct independent investigations and inquiries (both public and private) into matters it deems important or in the public interest, and often issues findings and reports based on its findings. In 2020, it issued its first cyber report and recommendations.

The May 17 report calls on the county Board of Supervisors, as well as 11 city governments, the Marin County Departments of Information and Technology and Human Resources to review its recommendations. The groups have until Aug. 17 to respond.

The document, titled “Cybergotry: Are We There Yet?”, calls for an assessment of the possibility of establishing a joint authority on cybersecurity.

The goal is to raise general awareness of cyber preparedness among members. This proposed authority would acquire and maintain perimeter defense systems designed to prevent and eliminate ransomware and other more advanced cyberattacks.

The California Legislature defines a Joint Powers Authority as an independent organization created by two or more governmental entities for a specific purpose or project, such as solving a common problem, funding a project, or acting as a single entity representing a specific activity.

This definition includes county agencies, municipalities, special districts and other public agencies in Marin that wish to find alternative ways to provide public services.

This would enable public entities to pool resources, coordinate efforts, and eliminate redundancies or overlapping services, which can save taxpayers money and provide services cost-effectively. Such an authority could also obtain better rates or quotes from external services to achieve economies of scale.

However, it only authorizes the agency to exercise legal powers that are common to all contracting public agencies. Such an agreement must be approved by all the governing parties involved.

New positions in the security services

The 22-page report recommended the creation of a new position in the IT department for fiscal year 2025-26 that would be tasked with providing assistance to other Marin agencies and municipalities in cybersecurity awareness, training, implementation and monitoring of cybersecurity systems.

The report also proposed the creation of two new systems engineering positions to be filled by cybersecurity experts who would be responsible for conducting security risk assessments, making recommendations and implementing cybersecurity solutions for public agencies in Marin.

One of these positions would be as a member of the district joint authority and liaison to the head of IT security.

The final recommendation advises Marin agencies to require current, written, competitively bid contracts (signed within the last five years) that include business continuity provisions for any third-party IT services they use.

In its 2020 report, the grand jury made nine recommendations to address the growing risks.

Following the release of the 2020 jury recommendation, county officials launched the Marin Information Security Collaborative, which is tasked with providing cybersecurity information and best practices to Marin municipalities — including representatives from the county’s cities and towns.

The collaboration later expanded to include other Marin community partners and private organizations. In 2022, it was renamed the Marin Security and Privacy Council.

Increased risk exposure

In recent years, global cyberattacks have become more sophisticated.

Phishing and spoofing are the most common forms of attacks. Phishing is the deceptive practice of sending emails or other messages that purport to be from reputable companies in order to trick people into revealing personal information, such as passwords and credit card numbers.

Impersonation is when someone or something pretends to be something else (e.g., makes an email appear to come from a legitimate source) in order to gain someone else’s trust, gain access to computer systems, steal data, money, or spread malware.

The new report also found that the so-called “dark web” plays a significant role in cyberattacks due to its anonymity and lack of regulation, providing cybercriminals, hackers and others with a platform to operate beyond the reach of law enforcement.

The Center for Internet Security’s national cybersecurity review found that cyberattacks on state and local governments increased between 2022 and 2023. The report compared the first eight months of 2022 and 2023, when participating government organizations said they saw significant increases in several types of cyberattacks.

Security awareness firm SoSafe reported that the average cost of a cyber incident at a public sector agency was more than $2.6 million.