Cyber Security Enhancements FY23
City of Durham Cyber Security Strategy
The priority of the City of Durham’s Technology Solutions (TS) Department has been to continuously enhance and maintain a robust security posture. Using the IT governance process, the TS department develops strategies for the ever-changing security landscape. The CIO, CTO, and vCISO set security strategy in consultation with the CDO and Senior Cyber Security Analyst. New tools, strategies, projects, and vulnerabilities are discussed three times a week, and as a result of those discussions we are able to prioritize investments.
The City’s security strategies and investments were put to the test last year when, on March 6, 2020 (two weeks before COVID-19-related lockdown orders), the City of Durham became, like many others in the country, a victim of a Cyber Security Event. Unlike some other local government agencies that were either crippled for several months or forced to pay exorbitant ransom fees, the City of Durham was able to restore all core business systems, including but not limited to the 911, 311, ERP, and utility billing systems, within 5 business days thanks to the previously developed strategies.
Cyber Security Accomplishments FY 2022
The priority of the City of Durham’s Technology Solutions (TS) Department is to continuously enhance and maintain a robust security posture. Using the IT governance process, the TS department develops strategies for the ever-changing security landscape. The CIO, CTO, and vCISO set security strategy in consultation with the CDO and Senior Cyber Security Analyst. New tools, strategies, projects, and vulnerabilities are discussed three times a week, and as a result of those discussions we are able to prioritize investments.
As a previous victim of a major ransomware attack, the City of Durham takes the maintenance and development of its cyber security strategy extremely seriously. The Chief Information Officer (CIO) has made cybersecurity a major strategic component of all technology-related decisions and has empowered the Chief Technology Officer (CTO) with the resources required to execute the strategies. In addition, the program is staffed with a virtual Chief Information Security Officer (CISO), a full-time cyber security analyst, and a cyber security intern from North Carolina Central University. The leadership that the executives provide has permeated the entire technology staff, who consider the security impact of every decision that is made.
We have developed a business case that demonstrates quantifiable value to the City for its investment in the cyber security program and that challenges current investments to ensure that the City is gaining the best business, performance, and compliance value from each of the products and/or services in our portfolio. When benchmarked against IBM’s Security Annual Data Breach Report, the City’s return on investment is over 300%.
While the City’s cyber security program is mature when viewed against nationally accepted frameworks, the City’s leadership is of the opinion that there is always room to improve. Repeatable processes and continuous improvement are our goal.
A cyber security program is only effective if appropriately supported with resources, both human and capital. The City’s technology leadership consistently supports the cyber security program and has provided the City’s leadership with an adequate basis for their continued support. The biggest accomplishment for the City in FY2022 is that our technology leadership, working with the City’s leadership, has added a Cybersecurity Analyst to the program as well as additional funding to invest in technologies that align the organization to the NIST 800-207 framework. A robust and innovative business case was developed and presented, and it was approved for funding in May of this year. These investments are significant because they will increase the analysis the cybersecurity team can perform and allow for the addition of new tools to improve the monitoring and management of the technology environment.
The next biggest accomplishment was the commencement and completion of our FY22 Security Audits. As a matter of practice, the TS department has been engaging third-party security auditors for several years in order to continue to improve our posture. The following items were audited during FY22:
- Firewall Configuration Audit
- Virtual Private Network (VPN) Audit
- Privileged Access Audit
- External and Internal Network Vulnerability Assessment
- MUNIS Security Audit
These audits allow us to make targeted changes and focus the investments made to increase the security posture.
The measurable benefits of adding resources and performing audits in the cyber security program are evident across the environment. Some of the metrics we analyze to measure the significance of our cyber security program include:
- SOC alerting metrics
- Number of malicious events detected by the EDR system
- Total phishing attempts blocked
These metrics are reviewed monthly with the CIO and measure the direct impact of the investments we have made.