Grand jury makes cybersecurity recommendations for special districts
By Santa Ynez Valley Star Staff · Tue Mar 17 2020
By Pam Olsen
for Santa Barbara County Grand Jury
The 2021 Santa Barbara County grand jury has prepared a report about cybersecurity for special districts and county service areas following the 2019-20 grand jury report “Cyber-Attacks Threaten Santa Barbara County,” which focused on the broader county issues.
The report urges the 53 special districts in Santa Barbara County to review their cybersystems to identify cybersecurity threats. The jury urges the special districts and service areas to take all necessary measures to protect their operational data and computer systems.
The jury has proposed a list of best practices for Santa Barbara County special districts to consider identifying, protecting and, if necessary, upgrading their cybersecurity activities to advance the best interests of their consumers.
There are three types of special districts within the county: independent special district, dependent special district and county service area.
An independent special district has its own board of directors, either elected directly or appointed; they make their decisions on activities and budgets independent of any city or county oversight.
A dependent special district is actually run by its respective city council or county board of supervisors.
County service areas (CSA) are different from special districts in that they are also governed by the County Service Area Law (Cal. Govt. Code §§ 25210 et seq) in addition to Cortese-Knox-Hertzberg Local Government Reorganization Act of 2000. There are currently 39 independent special districts, eight dependent special districts, and six community service areas in the county.
Press accounts have reported cybersecurity breaches across the U.S. including the two-day shutdown of a part of Colonial Pipeline’s oil distribution system on the East Coast in early 2021, which reportedly cost the company more than $2 million in ransom payments.
Costly or potentially even deadly cyberattacks also impacted, among many other business and government entities, police departments, water distribution systems, a major national meatpacking company, and hospital systems. California had the highest percentage of attempted health-care system hacks, with 21% of the nationwide total.
These intrusions can be expensive to correct. Even when ransoms are paid, the breached or maliciously encrypted systems must be reconfigured or even rebuilt entirely. Moreover, there remain potential financial liabilities for critical infrastructure businesses like utilities, as well as financial institutions, to their customers.
It, therefore, is incumbent upon the special districts to take whatever proactive steps possible to reduce the threats and thereby mitigate the damaging consequences.
To assess the readiness of special districts in Santa Barbara County, the jury interviewed a representative sampling of Santa Barbara County special districts and municipal officials, as well as private industry internet technology and cybersecurity experts. The jury also reviewed informative articles, reports, and official publications dealing with the subject of cybersecurity.
There are at least three U.S. agencies that address cybersecurity crime. Special districts are encouraged to access these and strengthen their own websites: