Agenda

Back to Calendar Return

Consent

Brentwood City Commission Agenda

Meeting Date:	02/24/2020
Resolution 2020-17 - Approval to perform a Cyber Security Assessment from Dynetics, Inc.
Submitted by:	Dan Harrison, Technology
Department:	Technology

Information

Subject

Resolution 2020-17 - Approval to perform a Cyber Security Assessment from Dynetics, Inc.

Background

In 2016, the Technology Department conducted its first Cyber Security Assessment by an outside agency. The results of that study produced two major security action items for the Technology Department. The first weakness was physical port security to network switches. At the Library, patrons were unplugging City computers and connecting their laptops to the City’s network. While servers and network resources were secure with passwords, the network could have been susceptible to viruses on those laptops. We have corrected this by implementing port level security on both the physical network ports and the City’s corporate wireless access networks to non-authorized equipment.

The second major lesson learned was the lack of end user cyber security training. In the first Cyber Security Assessment, random users across all City departments were targeted in a phishing email campaign. A phishing email is when criminals try to “lure” users in clicking a link in an email that launches malicious programs in the background designed to harvest the user’s network credentials. In the first assessment, 25% of the targeted users clicked through, which would have meant that their account information was compromised had it been a true phishing attack. Based off the study, the City of Brentwood partnered with the vendor Knowb4 for end user cyber security training. All users with the City were required to complete mandatory cyber security training. All new employees and commissioners are now required to complete training within one month of receiving their City email address. Periodically, phishing email campaigns are sent to all users and those who fail the test are automatically signed up for refresher training. Completion is required within one month of notification.

The training from KnowB4 has proven to be successful with users demonstrating the knowledge to inspect emails to determine if they are legitimate emails or phishing emails. In the business environment where users undergo Cyber Security Training, the “click” rate where users click on links on a bogus email is approximately 20%. Email users at the City of Brentwood are currently at a 4.7% click rate, which is four times better than the national average.

Since the last Cyber Security Assessment in 2016, cyber attacks have grown exponentially. According to Industryweek.com, ransomware attacks grew 350% from 2018 to 2019, and that rate is expected to continue to increase in 2020. Part of the non-routine work plan for the Tech Department in the fiscal year 2020 is to conduct another Cyber Security Assessment. We have been researching companies to for the assignment and have chosen Dynetics, Inc. located in Huntsville Alabama. They specialize in vulnerability discovery, cyber hardening and anti-tamper technologies. Their cyber experts will be onsite to evaluate and assist in securing systems from the inside by evaluating platforms, network structure, and mission systems to fully assess the threats.

The Technology Department is seeking permission to hire the vendor Dynetics, Inc. to perform the assessment. Total for services and expenses for Dynetics is $18,800.00 that is a higher the budgeted amount of $15,000 but will be absorbed in the department’s budget. This purchase will be made under State contract, SWC #405.

Please contact the Technology Director with any questions.

Staff Recommendation

Staff recommends the purchase the cyber security assessment from Dynetics.

Fiscal Impact

Amount :	$18,800.00
Source of Funds:	General Fund
Account Number:	110-41640-82599

Fiscal Impact:

Attachments
Resolution 2020-17
Contract No. 2020-007
Scope of Work
Signed Resolution