LTC 098-2022 Addressing Cyber Security Threats Through Training and Exercises098-2022
MIAMI BEACH
OFFICE OF THE CITY MANAGER
NO . LTC# LETTER TO COMMISSION
TO:
FROM:
DATE :
Mayor Dan Gelber and Members of the City Commission
Alina T. Hudak, City Mana~
March 11 ,2022 LJ' 1 ~
SUBJECT: Addressing Cyber Security Threats Through Training and Exercises
The purpose of this L TC is to advise you of the combined efforts of the Information
Technology (IT) Department and the Fire Department Division of Emergency Management
(DEM) to improve cyber security awareness , identify vulnerabilities in our IT substructure
and ultimately increase our readiness for and prevention of attacks.
As part of overall cyber resilience activity, the Information Security team in IT are working
with DEM to conduct a series of exercises aimed at identifying cyber security gaps,
increasing threat awareness and finding solutions for City offices to resume operations
as quickly as possible should an attack occur.
On March 7, 2022 a computer-based survey went out to all City departments and
divisions, including the Charter offices. The 15-question survey is designed to assess the
understanding of existing systems, awareness of potential threats and the level of
planning that may address outages and attacks. Once the information from the surveys
is collected, IT and DEM will conduct virtual tabletop exercises (VTTX) to be held in early
April. The objectives for the exercises are:
1. Improve the understanding of potential impacts and cascading effects that
cyber intrusions can cause on each department and the City of Miami Beach
government and community.
2. Examine current cyber incident response policies, plans, and protocols, (per
department and citywide) and identify potential shortcomings or gaps.
3. Assess the preparedness of staff to respond to and manage cybersecurity
incidents.
4. Identify alternative methods of service that meet city standards and regulatory
requirements in the event of a widescale cyber security incident.
5 . Explore inter-organizational information sharing and collaboration mechanisms
within Miami Beach during a cyber incident.
This will be the first of reoccurring exercises that will be held periodically, like the annual
hurricane exercise . Exercises comprise an integral part of the broader preparedness
process by testing response and recovery plans to insure they are realistic and well-
coordinated.
C: Executive Staff
Management T earn
ATHNF/FQ/ JRM/shl