INFORMAL REPORT TO CITY COUNCIL MEMBERS No. 10166
To the Mayor and Members of the City Council June 26, 2018
SUBJECT: DATA LOSS PREVENTION AND NETWORK THREAT VISIBILITY
Background:
On Tuesday, May 1, 2018, Councilmember Flores requested a future agenda item describing data
loss prevention, network visibility, intrusion detection efforts and resources invested in protecting
the City's computing assets.
Discussion:
The City of Fort Worth is investing resources and expanding the Information Security program to
improve network visibility and data loss prevention programs. Like all organizations with a large
Internet presence, the City experiences constant attempts to compromise computing systems.
The Department of Information Technology Solutions (ITS) is continually monitoring and reacting
to these attempts. The Information Security staff consists of 1 Senior Manager and 3
Analysts. Over a typical 90-day period this staff will:
• Block 704,000 attempted vulnerability exploits from the Internet (540,000 towards web
servers, 18,000 towards email)
• Block 16.9 million brute force password cracking attempts on web applications
• Block 3,260 spyware downloads
• Block 1,350 virus downloads
• Block 21,840 attempts from users browsing malware hosting sites
• Detect and remediate 232 successful malware downloads
• Log 15 million mentions online (2.6 million documents, 206 dark web postings, 13,000
social media posts, 12 million other)
• Investigate 76 data leaks with potential credentials compromised
• Investigate 18 brand protection cases including 6 brand misuses and 10 phishing sites
(Fort Worth domain impersonations)
The efforts of staff are supported by equipment and software systems that scan and detect
threats as well as automate some response actions when a threat is detected. A summary of
these systems is provided in Table 1.
Table 1. Protection measures and descriptions
Scanning/Intrusion detection:
• Computer systems accessible from the public Internet are routinely scanned for known vulnerabilities
• All network traffic from the public Internet is scanned for source and content to ensure the traffic is secure and business related
• Each computer within the network scans files and user activity for potential threats
Software Updates:
• Known vulnerabilities are published by each software vendor, and software updates are issued by the vendor to address the vulnerability. Staff regularly deploy software updates.
• Staff regularly upgrade to the latest versions of critical software to ensure the most secure software is being utilized.
Data Loss Prevention:
• Cyber attackers attempt to transmit data from compromised systems out to the public Internet. Outbound network traffic is scanned for this malware activity and automatically blocked if detected.
• Email content is scanned for sensitive information (e.g. SSN, DL#, credit card numbers, etc.).
Logging:
• Critical actions/events on servers and equipment are logged and collected. Time stamp, action/event details, and user account information are logged.
• Examples include login successes and failures, account lockouts, software errors, and configuration changes.
Threat Intelligence:
• Active participants in the Multi-State Information Sharing and Analysis Center
• Scanning the open, deep and dark web to protect the City of Fort Worth brand and digital assets
• Scanning social media outlets to protect the City of Fort Worth brand, digital assets and identify potential threats
• Initiating takedown when unauthorized content is found
Training:
• New employees receive training on appropriate use of City technology resources and information security awareness training.
• All employees receive annual refresher training on information security awareness.
• Employees working with sensitive information such as credit card, health information and criminal justice information receive additional training for protection of sensitive information.
Conclusion:
ITS employs multiple technologies to disrupt would-be cyber attacks and protect the City's
computing systems. The attack attempts are constantly evolving as staff react to new threats and
attackers adapt to new countermeasures. Staff continually evaluate the effectiveness of
countermeasures and recommend new technologies as necessary.
Questions about this report can be directed to Kevin Gunn, Director of the Information Technology
Solutions Department, at 817.392.2015.
David Cooke
City Manager
ISSUED BY THE CITY MANAGER FORT WORTH, TEXAS