CORPORATION OF THE TOWNSHIP OF ESQUIMALT - File #: 24-126

• File #: 24-126
• Version: 1
• Type: Staff Report
• Status: Passed
• File created: 2/26/2024
• In control: Council
• On agenda: 3/18/2024
• Final action: 3/18/2024
• Title: Grant Application - Cybersecurity Tabletop Exercise, Staff Report FIN-24-008

Date	Ver.	Action By	Action	Result
3/18/2024	1	Council	approved	Pass

TOWNSHIP OF ESQUIMALT STAFF REPORT

MEETING DATE:  March 18, 2024                     Report No. FIN-24-008

TO:                       Council                                          

FROM:                      Ian Irvine, Director of Financial Services and Information Technology

SUBJECT:                      Grant Application - Cybersecurity Tabletop Exercise

RECOMMENDATION:

Recommendation

That Council direct staff to submit a grant application for $7,000 to the Community Emergency Preparedness Fund - Emergency Operations Centres Equipment and Training Stream and authorize staff to execute any agreements related to a successful grant application, as outlined in Staff Report No. FIN-24-008.

Body

EXECUTIVE SUMMARY:

This grant application has been completed to seek support for a cybersecurity tabletop exercise that is essential for enhancing the Township’s resilience, improving incident response capabilities, and fostering a proactive security mindset. As part of the application process, UBCM requires a Council resolution confirming their support for the project.

BACKGROUND:

The Community Emergency Preparedness Fund (CEPF) is a suite of funding programs intended to enhance the resiliency of local governments and their residents in responding to emergencies. Funding is provided by the Province of BC and is administered by the Union of BC Municipalities (UBCM). The funding stream being applied for is “Emergency Support Services - Equipment and Training.”

The Township has never dealt with a cybersecurity incident; thus staff has no experience going through this process. This exercise represents a training opportunity for staff and will result in an assessment of the Township’s readiness in handling various cyber threats.

ANALYSIS:

The primary objective of this project is to conduct a cybersecurity tabletop exercise to assess the Township’s preparedness against potential cyber threats. This exercise will be facilitated by a third-party consultant specializing in cybersecurity. The exercise is expected to provide valuable insights into our cybersecurity posture and will help the Township understand its cyber threat response readiness, identify gaps in its current procedures, and develop action plans to enhance its cybersecurity framework.

The consultant will play a crucial role through the design and facilitation of simulated cyber threat scenarios that the Township’s internal team will respond to as if it were a real-life situation. The consultant will observe our responses, provide expert analysis and recommendations, and facilitate discussions to identify areas of strength and opportunities for improvement.

The scope of the exercise will include, but not be limited to, the following areas:

•                     Incident response procedures

•                     Threat detection capabilities

•                     Data breach scenarios

•                     Disaster recovery and business continuity plans

•                     Employee awareness and training

The participants will consist of the Township’s Information Technology department as well as representatives from other relevant departments such as human resources, risk management, and operations. The Township will also invite members of other regional municipalities and First Nations to attend as observers so we can maximise the project benefits.

OPTIONS:

1.                     That Council direct staff to submit a grant application for $7,000 to the Community Emergency Preparedness Fund - Emergency Operations Centres Equipment and Training Stream and authorize staff to execute any agreements related to a successful grant application, as outlined in Staff Report No. FIN-24-008.

2.                     That Council does not provide a resolution in support of the Community Emergency Preparedness Fund application.

COUNCIL PRIORITY:

Good Governance and Organizational Excellence

FINANCIAL IMPACT: 

The total anticipated cost of the exercise is approximately $7,000. If the grant is not successful, the exercise will still be performed, and the Township will then seek to recover the costs from the Risk Management Grant program through the Municipal Finance Authority. In either case, the exercise will be funded through external sources and will not require any additional taxation to complete.

COMMUNICATIONS/ENGAGEMENT: 

The Information Technology Manager will collaborate with an external consultant to plan the exercise, arrange the sessions, and extend invitations to all relevant parties as identified in the analysis.

TIMELINES & NEXT STEPS:

After Council passes a resolution, the application will be considered complete and preparations will commence in the hopes of performing an inaugural cybersecurity exercise during the third period of 2024. The exercise is scheduled to take place over a one-week period and will include, in addition to the exercise, pre-exercise briefings, post-exercise debriefings, and report generation.

REPORT REVIEWED BY:

1.                     Deb Hopkins, Director of Corporate Services, Reviewed

2.                     Dan Horan, Chief Administrative Officer, Concurrence

LIST OF ATTACHMENTS: 

There are no attachments to this report.