Attachment D
WORK PLAN
FY 2023 State and Local Cybersecurity Grant Program

PROJECT #1 TITLE: Multi-Jurisdictional Cyber Security Assessment and Mitigation

PROJECT DESCRIPTION
Kittitas County Emergency Management is submitting this application on behalf of Kittitas County. At a high level, this application outlines the cybersecurity needs based on assessments, audits, and evaluations of current systems. Our projects include the needs for off-site immutable backup, mobile and laptop device management, penetration testing, and a program designed to detect, analyze, and respond to security threats of government data. Already in use in Kittitas County is mobile device management on a very small and basic level. By upgrading our systems to include managing mobile data more in depth as well as introducing laptop device management, we are building upon our system to reach cybersecurity best practices. Kittitas County also currently has an immutable backup system, however, making that system off-site would add a new level of security. To continue building upon best practices and security measures in place, our project includes integrating a SIEM system that enables our IT professionals to efficiently identify breaches and threats to our county network using a logging system which we do not currently have. As our IT professionals have collaborated, the implementation of these projects would be a stakeholder approach for interoperability and maximal benefit to all agencies. This grant would specifically pay for the installation of Rubrik, an offsite backup solution, or similar, and to purchase Fortigate network firewalls, or similar, to improve our VPN security. This would leverage the use of our Yubikeys for remote users to VPN. This is the first step towards being able to enforce Yubikey MFA for remote users.

GAP BEING ADDRESSED
Using the yearly NCSR and CAS security systems assessments, it was identified as a best practice to implement an off-site immutable backup system for disaster recovery in addition to the backup system currently in place. Based on the most recent CISA audit, it was suggested to enhance the penetration testing used by stakeholders so that consistent and periodic phishing tests occur for cybersecurity safety. To continue to build on systems in place and close security gaps, a SIEM system would provide us with security logs to allow our IT professionals to add a "fast and efficient" element to identifying threats to our systems. Through device management, we can ensure device health and compliance for all network cellphones and laptops, instead of just some cellphones, as well as advanced endpoint management capabilities for mitigation of cyberthreats to protect government data.

IMPACT
Giving our stakeholders the means to expedite an off-site immutable backup system would vastly increase our whole county's ability to recover from an event in which a catastrophic incident impacts the location where the backup servers are currently being held. Long-term sustainment of the SIEM will be planned for, as well as the annual backup and maintenance costs. In the case of the mobile and laptop management program purchase, our IT professionals would be able to exercise granular control of updates and security measures over county-owned electronics, including laptops, outside the county network, a capability they do not currently have. This program is subscription based, with the plan to put the subscription in the annual county budget moving forward with our plan of compliance with best practices.
Security information and event management (SIEM) would provide the capability to save all logs from every device on the county network to a database that enables IT to identify breaches and threats to the system much faster than they can right now. Budgeting in the future after the initial costs from the grant also includes renewals and support for the logging and penetration programs. This grant will assist in accelerating protection against security vulnerabilities by injecting the needed funding now instead of trickling the funding in over the next few years.

In 2021, Kittitas County IT had penetration testing done by a third-party vendor that highlighted concerns that could be addressed with this grant funding. The test findings included Kittitas County scoring at the highest risk level in access and control and lifecycle management, which is an issue that could be resolved by the device management piece of this project. Another finding included Kittitas County scoring at a mid-range risk level for detection and investigation, which SIEM would directly focus on. When the project is complete, our IT professionals expect to have

DHS-FEMA-SLCGP-FY23 Page 36 of 39 Kittitas County Sheriff's Office, E25-313