Marin County Civil Grand Jury
The Marin County Civil Grand Jury recently released a report on the threat of cyberattacks on Marin County Government. A complete copy of their report is attached and can be accessed by CLICKING HERE.
A summary of their findings are as follows:
Local governments are targets of opportunity for cybercriminals. Hackers seek unauthorized access to computer networks so they can install ransomware, steal personal information, benefit from fraudulent payments, and disrupt government operations. As our government agencies become more reliant on online systems and remote work capabilities, cybersecurity awareness and best practices are increasingly critical.
Unbeknownst to the public, the Marin County government and most of Marin’s municipalities have suffered financial frauds or debilitating network breaches in recent years. The county lost almost $250,000 in a wire fraud scheme in 2018. More than half of Marin’s 11 cities and towns—Corte Madera, Fairfax, Larkspur, Novato, Sausalito, and Tiburon—have fallen victim to successful breaches, and these are just the ones disclosed to the Marin County Civil Grand Jury.
Our government leaders have not disclosed most of these incidents to other Marin agencies or the public, leaving us under informed and underprepared.
The Grand Jury’s recommendations include the following:
- The county should take a lead role in sharing cybersecurity information and best practices with Marin’s cities and towns.
- Cities and towns should implement basic prudent cybersecurity practices, including user training, email filtering, password management, and backups.
- The county and each city and town council should hold public discussions, at least annually, on their cybersecurity measures, which would also raise awareness among residents and local organizations on ways to improve cybersecurity.
- If the county or a municipality experiences a breach, it should promptly notify federal law enforcement and disclose the breach publicly.
- Municipalities should pursue shared cybersecurity services, where feasible, to lower costs and raise their level of security.
The Grand Jury focused its investigation on the security of the computer systems used by Marin's county and municipal governments. This investigation did not attempt to assess the cybersecurity posture of other Marin agencies, but the Grand Jury recommends that all of them undertake a comprehensive review of their cybersecurity practices, if they have not done so already.