Riechel Reports - Events - City of San Bruno CA

San Mateo County Mosquito & Vector Control District
October 2020 Department Reports


Article Source:  San Mateo County Mosquito & Vector Control District - CA

San Mateo County MVCD
Board of Trustees Meeting November 12, 2020

MANAGER’S REPORT


Coming Months

•    Review strengths and weaknesses of all departments and programs with department heads
•    Review strategic plan to determine if goals are being met
•    Meet with each staff member individually to receive feedback about improvements in their department
•    Meet with Vector and Special District Managers individually to review best practices and future goals in all departments
•    Meet with each committee chair to review goals and future meetings
•    Schedule meetings with each Board member to receive feedback regarding all District business
•    Review ways to allow staff more training opportunities during the COVID-19 protocol
District Projects
•    Community Power Resiliency Allocation to Special Districts
In late October, the District applied for a competitive grant that would allow for continuity of services when the power goes out due to public safety power shutoffs (PSPS) or other outages. The purpose of the Community Power Resiliency Allocation to Special Districts Program is to support California special districts with additional preparedness measures in response to power outage events. Of the $50 million overall appropriation for Community Power Resiliency funding, $20 million has been reserved for special district needs. The monies requested would go towards a battery bank and generator to support the District solar project.
•    Electric Vehicles
Staff investigated the cost of electric vehicles and how they could play a role in District activities. Staff was notified by Enterprise Fleet Management (Enterprise) that EV (Electric Vehicle) light duty trucks will not be available for a minimum of 2-3 years. Staff was also notified by Enterprise that electric vehicles are not currently cost effective when using a typical vehicle cycle. Attached (Item 9A) is a cost per mile comparison of existing EVs. Staff is actively working with Peninsula Clean Energy to research incentives that could lower the cost of electric vehicles and the installation of EV charging stations.
CSDA
President Martin and Manager Weber attended the San Mateo County California Special District Association (CSDA) local meeting. Highlights of the meeting included:
•    Presentation by Senate 13 Candidates Josh Becker and Alexander Glew. A debate/discussion took place that outlined how each candidate would help Special Districts.
•    Colleen Haley (CSDA Bay Area Regional Rep.) highlighted various resources on the CSDA website that are free to members.
Trustee Field Day
•    The December Board meeting shall be designated as a Trustee Field Day in accordance with District Policy 5010.10. Staff will facilitate Zoom meetings with your technicians.
Congratulations
•    To Tina Sebay on her retirement. It has been an absolute pleasure working with her. Tina has been with the District for over sixteen years. Tina was a huge asset to the District and bridged the gap between Operations and the Laboratory. We wish her well in her new ventures.

######




Information Technology

Monthly Program Report

 

October 2020

Cybersecurity Awareness

Summary

San Mateo County Civil Grand Jury Report on Ransomware.

Assessment of the district’s preparedness based on the Grand Jury Report recommendations.

Grand Jury Report on Ransomware

On October 7, 2020, the Grand Jury of San Mateo County released a report to highlight the risks and impact of ransomware to government entities in the county of San Mateo. In short, the report recommends an internal review of a government entity’s security systems and plans, by applying some of the best practices the grand jury compiled through its research and investigations on the topic.

Recommendations:

     Report request on system security, backup, recovery, and prevention by November 30, 2020.

     Report provided to governing body by June 20, 2021

     (Optional) Request Cybersecurity review from U.S. Department of Homeland Security and/or cyber hygiene assessment from County Controller’s Office.

     Develop Cybersecurity Plan, based on Federal Communications Commission (FCC) Cybersecurity Planning Guide.

Best Practices:

The grand jury best practices are based on an in-depth interview with a private enterprise IT Manager and on professional literature. These recommended best practices are repeated in several variations throughout the report; this district program report organizes them into three (3) areas and nine (9) sub-areas: prevention, protection, and mitigation.

Prevention

Firewalls and Firewall-Related Services

     Utilizing multiple layers of defense

     Using firewalls to protect internal environments from breaches.

     Filter incoming email for viruses, malware, and phishing attempts.

Anti-Virus / Anti-Malware

     Using malware detection software to monitor incoming emails and network activity.

     Install Anti-malware / Antivirus software on all machines and keep current (update at least monthly).


 

Maintenance

     Keeping systems up to date.

     Anti-Malware definitions need to be constantly updated to retain their effectiveness.

     Software updates need to be kept current.

     Update at least monthly, patches for operating systems, firewalls, spam filters, malware, and other key applications.

Account Protection

     Strengthen the password policy (long, complex, with expiration dates).

     Employ 2-factor authentication (password then keycode) for external user access.

User Awareness

     To identify external emails, message rules can be used to flag external emails and thereby decrease the probability that a user clicks on bad content.

     To thwart phishing attempts, footers can be added to incoming emails to warn about opening attachments and clicking on links.

     Ensuring that users are educated and tested to learn what to watch for and avoid, especially in emails;

     Security training, awareness and assessment need to be routine along with testing all employees to recognize, delete and report attempted attacks.

Protection

Diversity

     Utilizing multiple layers of defense

     Utilizing protection software from multiple vendors

     Consider cloud-hosting of email and other applications to provide added security, backup & restore capabilities and filtering benefits to close the largest and easiest route for Ransomware to penetrate entity systems.

Backups

     Establishing a thorough and comprehensive backup process for all Servers using the 3-2-1 rule (three backups into two different media, including one offsite) and establishing a separate backup process for key users’ critical folders (e.g. administration, accounting, human resources) to be able to restore/recover from a secure onsite and/or offsite backup.

     Snapshots and/or image backups provide the most complete backup and the fastest recovery option.

Recovery

     Developing and fully testing a thorough backup and restore strategy to enable a complete recovery from an attack;


 

     Perform Backup & Recovery (focus on full testing of recovery);

Mitigation

Separation

       Putting in place internal controls such as subnets, which require departmental authorization to access other departments’ data or programs.

       Use Subnets to section out servers with separate security permissions and limited access.

       Disable and block unused services, protocols and ports.

Monitoring

       Perform monitoring and auditing of failed logins, password changes, resource usage, and services stopping.

Security State of the District

Many of the best practices cited in the Grand Jury report were implemented at the district approximately 8-9 years ago, and most of the systems in place have been updated and/or replaced over time. The district demonstrated its resilience to cyber threats in 2016, when ransomware encrypted district files. The district was able to “clean” and restore files to approximately 8 hours prior to the encryption.


Current Practices

The district currently maintains a hybrid of on-premise and cloud-based technologies. Plans are also to leverage more cloud services. As suggested by the grand jury report, security for many of these cloud-based services is more robust and comprehensive, and its maintenance is included in the service subscription costs.

Prevention

Firewalls have been put in place at both district sites. The district also subscribes to firewall-based services, such as filtering Internet traffic, emails included, of known viruses, malware, illicit content, and other cyberthreats. In addition, desktops and laptops also have antivirus software installed for prevention at the endpoints.

Automatic updates are enabled where available, particularly for antivirus and operating system updates. Routine checks are performed, in case devices did not run updates as expected. Updates that cannot be set to run automatically, such as device firmware, are performed twice a year, or when a critical update is announced by the device manufacturer.


 

Workstation passwords have been set to expire after 90 days. The district is also implementing multi-factor authentication for their cloud service, where applicable.

User awareness is generally good, due to the prevalence of “spam” emails and phone calls attempting to phish for personal information or install malicious software. Staff generally ignore and delete such emails or phone calls. Some emails have been reviewed and shared as educational opportunities to reinforce staff awareness on such threats.

Protection

The district employs multiple layers of “defense”, from multiple vendors, along with cloud-based email and storage services, as suggested among the grand jury report’s best practices. These include, but are not limited to, firewalls, firewall threat protection services, antivirus software, and mobile device management.

Server-connected workstations, and critical servers, are backed up three times, in three locations, one of which is off-site: locally, on a separate server, and into a cloud location. Backups are set to run twice daily to some, and nightly to the cloud location. The cloud location maintains historical images of backups for up to 30 days. While this does not prevent Ransomware 2.0, which can affect backup files, it can allow the district to recover unaffected files pre-dating the ransomware.

Mitigation

The district firewalls have only necessary ports and services enabled. Most vendors and online services use conventional ports to communicate with devices or applications in the district. However, when a non-standard port is requested, vendors or other services must request approval, and justify the need for additional ports to be opened.

Additionally, the district network is separated so that wireless users – mostly field staff – can access their online services and the internet, but do not have access to the on-premise servers. The on-premise servers are subsequently partitioned, and access to sensitive partitions is limited to staff that require access to those partitions (i.e. Finance to the financial drive partition).

Considerations

In addition to the San Mateo County Civil Grand Jury’s cited best practices, the district will consider seeking an independent assessment of its system

Prevention

With respect to software updates, the frequency of manual updates can be increased, as suggested by the Grand Jury’s cited best practices. Manually updating passwords to keep them good and complex, however, is a general challenge that many in the cybersecurity industry grapple with, one which adding second-factor authentication does not completely address. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) continues to address the “human factor” in this challenge, identifying ways to reconcile ease of remembering with complexity. The district is actively exploring methods that balance complexity and ease of use, in addition to multi-factor authentication for all users and accounts.


 

Despite the prevalence and general staff knowledge, more formal staff training and testing, as suggested by the grand jury report, can certainly help to reinforce, and to quantify user awareness and ability to recognize cyber threats. There are now many educational providers with sophisticated tools to test users on their ability to identify threats. The district will consider subscribing to one of these providers for cybersecurity education and testing for users.

While flags and footers of external emails may be good practice to alert staff of potentially malicious messages, it is the opinion of this IT Director that the number of false positive alerts erodes the efficacy of these alerts and can cause, if not already causes, alert fatigue. Such alerts should be employed when better rules are developed to reduce the number of false positives, and indicate true areas of discrepancies. For example, identifying links to “Microsoft secure messages” that do not direct a user to an actual Microsoft website.
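One way to express the narrower rule described above, as an added example that is not part of the district's report: flag only links whose visible text names Microsoft while the link's host is not a Microsoft domain. The allowlist, the brand keywords and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist and keywords for illustration; maintain your own in practice.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "microsoftonline.com")
BRAND_WORDS = ("microsoft", "office 365")


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_is_trusted(host):
    """True only for an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def mismatched_links(html_body):
    """Return (text, href) pairs that claim the brand but point elsewhere."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        try:
            host = urlsplit(href).hostname  # ignores any user@ prefix
        except ValueError:                  # malformed URL: treat as untrusted
            host = None
        claims_brand = any(word in text.lower() for word in BRAND_WORDS)
        if claims_brand and not host_is_trusted(host):
            findings.append((text, href))
    return findings


# Constructed sample message body (not a real email).
SAMPLE_EMAIL_HTML = """
<p><a href="https://www.microsoft.com/security">Microsoft secure message</a></p>
<p><a href="https://microsoft.com.mail-portal.example/view">View your
   Microsoft secure message</a></p>
<p><a href="https://www.example.org/newsletter">District newsletter</a></p>
"""

if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"ALERT: link text {text!r} points to {href}")
```

The ordinary external newsletter link produces no alert, which is the reduction in false positives the paragraph asks for; only the link that claims to be a Microsoft message and resolves elsewhere is flagged.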

Protection

The district will consider performing regular tests of full recoveries, as suggested by the grand jury report’s best practices. These can be very time consuming, so frequency may need to be balanced with resources and availability. The district may consider full recoveries less frequently, and interim subset recoveries of critical systems.

The district will also consider extending backups to more than 30 days. There is more to understand about Ransomware 2.0, how it affects backups, how backup providers are addressing this threat, and what practices the district should implement. Beyond the grand jury report best practices, the district may want to consider cloud-to-cloud backups as well.

Mitigation

The district may review additional separation of applications and the district network. More importantly, the district will look into monitoring tools and auditing services that can alert staff to unusual activity or potential threats to the system.

Cybersecurity Planning

As recommended by the Civil Grand Jury report, the district will work on a Cybersecurity Plan. This will be a living document that should be reviewed and updated regularly, especially as new threats, security applications, and monitoring tools become available. As healthcare and public health systems are being targeted in this current climate where healthcare resources are needed to combat the Covid-19 pandemic, it is important to keep current on ways to combat cyberthreats.

Resources:

San Mateo County Civil Grand Jury. Ransomware: It is Not Enough to Think You are Protected. October 7, 2020. [http://sanmateocourt.org/documents/grand_jury/2019/ransomware.pdf]

Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, National Cyber Awareness System. Alert (AA20-302A): Ransomware Activity Targeting the Healthcare and Public Health Sector. October 28, 2020 (Revised November 2, 2020). [https://us-cert.cisa.gov/ncas/alerts/aa20-302a]

Donald E. Hester. MISAC Ransomware Prevention (Webinar). February 12, 2020. [https://www.brighttalk.com/webcast/17235/383521/misac-ransomware-prevention]

Kaspersky. What are the different types of ransomware? No Date. [https://www.kaspersky.com/resource-center/threats/ransomware-examples]

Mike Garcia. Easy Ways to Build a Better P@$5w0rd. October 4, 2017. [https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd]

Dmitry Dontov. The Future of Ransomware 2.0 Attacks. June 5, 2020. [https://www.forbes.com/sites/forbesbusinesscouncil/2020/06/05/the-future-of-ransomware-2-0-attacks/?sh=705f17604dc9]

#######


Public Health Education and Outreach Program
October 2020

•    During October 2020 there were 5,170 visits to the District website, a decrease of 2% compared to September. Web traffic will continue to decrease through the fall and winter before rising again in the spring. Traffic to the employment and job posting pages was higher than usual due to the posting of the Vector Ecologist job, while traffic to yellowjacket and wasp pages has finally started decreasing as summer ends.

•    Top 10 website pages during October 2020:
1.    Homepage
2.    Other Mosquito-Like Insects
3.    Mosquitoes and Midges (blog post)
4.    Current Openings
5.    Job Announcement: Vector Ecologist
6.    Biting Mites
7.    Media Release: Dead Bird is First Indication...
8.    Employment
9.    Rodents (ID & Info)
10.    Online Service Request Form

•    Email campaigns in October 2020:
•    October 2020 newsletter: 1,336 recipients, 38% opened, 1% clicked a link

•    Compliments from the resident survey in October:
•    “Excellent service provided: prompt response to online request; polite and professional service by a congenial and knowledgeable expert who provided clear information regarding our problem, what she was going to do to mitigate it and any further help we could request if necessary; quick handling of the problem; no damage to plants or debris left behind.”

•    “Thank you for this opportunity to give feedback. I was so pleased and impressed with the rapid and expert assistance from the county service. I received a call within less than a day of sending a request email and the assessor came within less than an hour to evaluate the yellow jacket issue - immediately determined the problem and treated on the spot. Thank you very much. I am waiting 1 week to make sure the yellow jackets are gone before proceeding further with backyard landscape work. I appreciate the help.”

•    “I submitted the request on Sunday and Monday early afternoon the doorbell rang. Was delighted at the fast response and the guy who came knew what he was doing and was friendly and polite.”

•    Pests, vectors, and vector-borne disease in the news in October 2020:

•    Family escapes swarm of yellowjackets thanks to strangers. Oct. 7th, 2020 (https://bit.ly/30L8VeK). In Kentucky, hikers faced an emergency situation when one member of their group developed an allergic reaction to a yellowjacket sting and another sprained her ankle trying to escape the yellowjackets. Life-threatening allergic reactions to insect stings can occur even in people who have not been allergic in the past.

•    Residents on high alert after video shows third mountain lion sighting in San Mateo. Oct. 18th, 2020 (https://abc7ne.ws/31iO8zC). Although mountain lions are larger than most backyard wildlife, the advice for dealing with them remains the same. Avoid feeding them – in this case, by attracting deer to your property – and give them plenty of space when they pass through your yard.

•    Marauding raccoons tearing up lawns in Santa Clara neighborhood. Oct. 19th, 2020 (https://bayareane.ws/2T5u13o). Raccoons can cause a variety of issues in residential neighborhoods in their search for food and shelter. Damage to lawns can be prevented by eliminating grubs – a potential food source for raccoons – from the lawn using beneficial nematodes.

•    Raccoons Break into Redwood City Bank, Make Themselves Completely at Home. SFist.com, Oct. 20th, 2020 (https://bit.ly/34iOQ1D). A local bank is reminded of the need to seal up openings and trim trees back from rooflines after two marauding raccoons break in.

•    ‘Wild Animals Are Not Pets’: Tynette Housley Fined $1,000, Admits to Raising Deer That Gored Neighbor. 4CBS Denver, Oct. 20th, 2020 (https://cbsloc.al/2Tflwmg). Feeding deer may seem harmless, but allowing any wild animal to become habituated to humans can be dangerous. In Denver, a hand-raised deer attacked and injured a resident, causing serious injury.

•    Gerald the turkey that terrorized Oakland has been captured. Mercury News, Oct. 22nd, 2020 (https://bayareane.ws/2TkP7Lu). While this wildlife story has a happy ending (Gerald was relocated to an area with fewer people), feeding wildlife often results in the animal being euthanized.

•    First 'Murder Hornet' Nest In U.S. Is Found In Washington State. NPR, Oct. 23rd, 2020 (https://n.pr/3e0asDq). Efforts to locate and destroy an Asian giant hornet nest in Washington have finally been successful. A regular bee suit isn’t protective enough against these wasps’ long stingers; a special double-thickness bee suit is required.

#####
Operations Report November 2020





####
October Laboratory Report





###

Editor:  Robert Riechel       Contact      WEB:  www.PRRiechel.com       Copyright 2020