🏛 The Cambridge Record
Search ▸ Communication to the City Council

a report from Councillor Craig Kelley, Chair of the Public Safety Committee, for a public hearing held on June 26, 2018 to discuss City’s Cyber Security Policy

From Donna P. Lopez, City Clerk·Council meeting Sep 17, 2018·17 pages·📄 Original PDF (city portal)

⚠ This document is a scan; its text was recovered by optical character recognition and may contain errors. The original PDF is authoritative.

HITACHMENT A PUBLIC SAFETY COMMITTEE COMMITTEE MEETING - AGENDA - Tuesday, June 26, 2018 3:30 PM Ackermann Room CALL OF THE MEETING The Public Safety Committee will conduct a public hearing to discuss the City's Cyber Security Policy. INTRODUCTION AND PRESENTATION Presentation by Councillor Kelley. Overview discussion about cyber-security issues as they affect the City of Cambridge, including information technology and law enforcement capacities. DISCUSSION BY STAFF DISCUSSION BETWEEN CITY COUNCIL AND STAFF PUBLIC COMMENT CLOSING REMARKS ADJOURNMENT Cily of Cambridge Last Updated: 6/22/2018 8:19 AM cambridgema.gov
ATTACHMENTB 25 June, 2018 Cambridge Cybersecurity and
Internet for...... EVERYTHING We depend on the our computers and the
Paper Work On Pen And The World Cannot computers do not work..... If we lose access to the Internet or our The world as we have come to know it ends
PAY TO THE Cumbetage CAMBR 10113005° a scary thing? identities stolen. Remember when losing a check was our various online records..... If someone else accesses our computers or We may lose personal information or have our
What does "cyber" look like?
OBL INTERCEP TEN PRICE What does "security" look like?
* ta KELLEYC CYBERSECURITY Combined "cybersecurity" looks like....
• Staff training • You name it..... • Internal attacks • External attacks • Expensive upgrades Challenges include: • Vendor applications • False sense of security • Jurisdictional limitations • Identity theft and 'wire fraud' • Failing infrastructure like telephone poles If only it were that easy
• Atlanta, GA • Kim Kardashian • Cambridge Health Alliance • 2016 US Presidential election • Equifax (credit reporting bureau) • Ashley Madison (online affair site) • Prykarpattyaoblenergo energy utility in Ukraine Where things have gone badly include
60 180 80 40 20 100 140 120 160 1.8 2011 16.1 2016 Global Data (ZB) 163 2025 Online Data is Exploding in Size What the data tells us
Data breaches and records expesed in mithons 250 1500 1 000 [phone removed] [phone removed] 321 2007 446 [phone removed] • Data breaches 2010 662 [phone removed] [phone removed] 78V What the data tells us 1 093 Data Breaches are Exploding in Number* 2017 1 579 *Records exposed have also increased but at a flatter rate
2017 (YEAR Health Banner Brazzers EX Altype Anthe (updated 8th May 2018) Selected losses greater than 30,000 records Friend 412, 000,000 Finder Network Parent company of Adult Friend Finder, Cams.com and Penthouse.com BUBBLE COLOUR S World's Biggest Data Breaches Data Breaches are Exploding in Number Interpark Instagr. КM.мвмсс Lynda com YEAR (METHOD OF LEAK) lyFitness. medical Malayaan practitioners telcos • MVNOs Orbitz Paylvest Diagnost alaysiar, Paner BUBBLE SIZE NC MyHerit What the data (differently visualized) tells us
levels escalating potential impacts, promoting cybersecurity at all Cambridge must be aggressive in In the face of expanding risks and
cyber disaster. become unusable. General IT Recommendations • Cambridge's IT Strategic Plan is 5 years out of date and does not address crucial security vulnerabilities and low-hanging fruit. This will not be cheap. • Consider obtaining cyber breach insurance to defray the cost of any potential • yes haste, we need to have a reevant recovery lan prior to the event. (roeds city business needs, and proactive cybersecret measures is essential. • Develop a disaster recovery plan in case computers or communication systems
resources. capabilities. departments. cybersecurity. responsibilities. their problem too. • Consider splitting cybersecurity responsibilities from general IT General IT Recommendations • Clarify and make public CPD's cybercrime unit's responsibilities and determine if joint training, purchasing or other ettorts could help with • Research state resources and other municipalities with similar goals and • Create a Chief Cybersecurity Officer position or clearly identity a current position with that responsibility for the City as a whole and within relevant • Resending Digital Drency Protece orega play ok or cyber curi • and ger tral training for start People need to eiderstand that securse cuelty is • Consider having the 2020 fiscal year budget specifically identify cybersecurity
Where do things stand in Cambridge?