Agenda

Return

C. 37

To:	Board of Supervisors
From:	Marc Shorr, Chief Information Officer
Date:	February 4, 2020

Contra

Costa

County

Subject:

Restore Critical Services and Purchase Software Licenses for the County Library

APPROVE	OTHER
RECOMMENDATION OF CNTY ADMINISTRATOR	RECOMMENDATION OF BOARD COMMITTEE

Action of Board On: 02/04/2020

APPROVED AS RECOMMENDED

OTHER

Clerks Notes:

VOTE OF SUPERVISORS

AYE:

John Gioia, District I Supervisor
Candace Andersen, District II Supervisor
Diane Burgis, District III Supervisor
Karen Mitchoff, District IV Supervisor
Federal D. Glover, District V Supervisor

Contact:	Marc Shorr 925-608-4071
cc:	CAO-Muni Svcs Deputy CAO Analyst

I hereby certify that this is a true and correct copy of an action taken and entered on the minutes of the Board of Supervisors on the date shown.
ATTESTED: February 4, 2020
David Twa,

BY:	, Deputy

RECOMMENDATION(S):

APPROVE and AUTHORIZE the Chief Information Officer, or designee, to move forward with an emergency purchase for the County Library in an amount not to exceed $475,000, to restore critical services and implement a secure email environment by doing the following:

Engage Microsoft Incident Response Team to remediate and perform recovery work from the ransomware attack on the Library’s network.

Procure Office 365 licensing for the Library staff, so they are in a more secured email environment.

FISCAL IMPACT:

The cost for Microsoft Incident Response Team is $125,000 for the first week and $112,000 for an additional week if necessary. The cost for migrating the Library to Microsoft Office 365 is as follows:

$28,000 for remainder of year 1 Enterprise Agreement
$105,000 for year 2
$105,000 for year 3

BACKGROUND:

On January 3, 2020, the Library sustained a Ransomware attack on their administrative network. Library staff are unable to access any files stored on their servers. The attack also affected their ability to receive and send email. In addition, the Wi-Fi network was damaged, making it inaccessible to staff and citizens utilizing Library locations. The Microsoft Incident Response Team will assist DoIT in its investigative process and restore the Library’s infrastructure back to a healthy state. The next step will be to migrate Library staff to Office 365, which will give them the ability to utilize email and increase both the security and resilience of their business files.

CONSEQUENCE OF NEGATIVE ACTION:

The Library’s infrastructure would be at risk of another possible attack. Critical Services would take longer to restore, causing further service impacts to citizens.