Subject:
Title
Cyber forensic team service agreement for data incident response services
label
Recommended Action:
Recommended Action
Approval and execution by the County Administrator of the cyber forensic team service agreement with Charles River Associates (CRA) for data incident response services.
• Services provide for a pre-approved negotiated agreement for a cyber forensic team if needed, enabling engagement of services from CRA immediately should a cyber incident occur. The team will work under the direction of the County’s cyber incident counsel, Mullen-Coughlin LLC (approved via Legistar No. 21-908D), and Business Technology Services (BTS).
• CRA will assist Mullen-Coughlin and BTS with privileged consultation and analysis in the above-referenced matter. The team’s objective is to minimize any disruption to County systems and assist in the restoration of services using their specialized services.
• The agreement limits the initial cost to the County to $250,000.00 on an as needed basis. No liability shall be incurred by the County, or any department, beyond the $250,000.00, unless amended in writing by the parties and only if an incident occurs. Fees paid under this agreement will be funded from the Risk finance operating fund during an actual event.
• The term of the agreement remains in full force and effect until resolution of a cyber matter or unless otherwise terminated or extended. No funds will be expended unless forensic team is engaged due to a cyber incident.
Body
Strategic Plan:
Ensure Public Health, Safety, and Welfare
2.1 Provide planning, coordination, prevention, and protective services to create and enhance a safe, secure, and healthy community
Deliver First-Class Services to the Public and Our Customers
5.2 Be responsible stewards of the public’s resources
5.3 Ensure effective and efficient delivery of county services and support
Summary:
The purpose of this agreement is to provide a pre-approved negotiated agreement for a cyber forensic team if needed, enabling data incident response services from the cyber forensic team immediately should an incident occur.
Background/Explanation:
The County was covered for $15M in cyber liability through Chubb Insurance Co. to March 1, 2022. Due to deterioration of cyber insurance market, the County was only able to obtain a quote for $1M in coverage with a $1M deductible. It was determined by Technology Steering Committee that cyber coverage would not be renewed due to low limit offered.
Establishing this agreement with a cyber forensic team gives the County the ability to react immediately to a cyber incident without cyber coverage. The cost for the forensic services would not be covered by insurance (ex., had the County purchased the $1M cyber insurance policy, the services covered under this agreement would likely not exceed the $1M deductible). Should the County acquire cyber insurance in the future, it is to the County’s advantage to have an established agreement in place. Cyber insurers typically rely on a forensic team during an event. The CRA was a team that BTS is familiar with and approved by the prior cyber insurance carrier. Risk will confirm that the CRA is an approved vendor with a new insurance carrier should the cyber market improve in the future.
Upon execution of this agreement, Risk and BTS will have in force the agreements and specialists needed to respond to a cyber incident. When a cyber breach occurs, time is of the essence in order to mitigate damages. There will be no delay in response time resulting from the process of creating and approving an agreement during an actual event due to having these agreements in place in advance.
Fiscal Impact:
Amount not to exceed: $250,000.00
Fees paid under this agreement will be funded from the Risk Financing Fund (5005) in an actual event. It is not currently budgeted for in Fiscal Year 2023.
Delegated Authority:
Authority for the County Administrator to sign this agreement is granted under Code Section 2-62 (a)(1).
Staff Member Responsible:
Jeff Rohrs, Chief Information Officer, Business Technology Services
Merry Celeste, Division Director, Purchasing & Risk, Administrative Services
Joe Lauro, Director, Administrative Services
Partners:
N/A
Attachments:
Agreement