Agenda Item   

AGENDA STAFF REPORT

 

                                                                                                                        ASR Control  24-000553

 

MEETING DATE:

07/23/24

legal entity taking action:

Board of Supervisors

board of supervisors district(s):

All Districts

SUBMITTING Agency/Department:

County Executive Office   (Approved)

Department contact person(s):

KC Roestenberg (714) 567-5075 

 

 

Ed Althof (714) 834-3069

 

 

Subject:  Approve Amendment to Contract to add Cybersecurity Incident Response Services

 

      ceo CONCUR

County Counsel Review

Clerk of the Board

          Concur

Approved Agreement to Form

Discussion

 

 

3 Votes Board Majority

 

 

 

    Budgeted: Yes

Current Year Cost:   $252,000

Annual Cost: N/A

 

 

 

    Staffing Impact:

No

# of Positions:            

Sole Source:   No

    Current Fiscal Year Revenue: N/A

   Funding Source:     Fund 289: 100% (OCIT Countywide Services)

County Audit in last 3 years: No

   Levine Act Review Completed: Yes

 

    Prior Board Action:         9/13/2022 #27

 

RECOMMENDED ACTION(S):

 

 

Authorize the County Procurement Officer or Deputized designee to execute Amendment No. One to amend Contract with Dell Marketing L.P. for Microsoft Unified Support Services in an amount not to exceed $252,000 commencing October 20, 2024, through October 19, 2025, for a revised cumulative contract total amount not to exceed $1,083,462.

 

 

 

SUMMARY:

 

Approval of the contract amendment will provide professional services for cybersecurity incident response to help assess and remediate the impact to County systems and ensure ongoing availability of the County’s investment in Microsoft products.

 

 

 

 

BACKGROUND INFORMATION:

 

In October 2023, the County experienced a cybersecurity incident at one of its agencies. An external bad actor gained unauthorized access to the agency’s Active Directory data, which effectively compromised access to the agency's Information Technology (IT) infrastructure, systems, servers, email, and devices. The County's Chief Information Officer (CIO) ordered the immediate block of all network connectivity to the agency's IT environment to mitigate the potential of any associated risk to all other County agencies. A second, potentially impacted agency was also blocked from interfacing with the County network. In the course of mitigating the incident, the impacted agencies and Orange County Information Technology (OCIT) sought the assistance of external professional service organizations (consulting, legal, and technical) to assess and remediate the impact to the affected systems. Contracting with these professionals was on a reactive basis (after the incident had occurred), which took time to craft, review, and execute agreements.

 

On September 13, 2022, the County Board of Supervisors (Board) authorized OCIT to execute a contract with Dell Marketing L.P. (Dell) for Microsoft Unified Support Services (MUSS) to provide extended support and professional services for existing Microsoft-based products. To be able to quickly receive cybersecurity incident response services, OCIT is requesting approval to amend the current MUSS contract with Dell to add pre-paid support hours required as a retainer for Microsoft’s Detection and Response Team (DART), which includes a team of Microsoft engineers with a deep knowledge of cybersecurity as it relates to Microsoft products. The cost to add the prepaid minimum support hours is $75,600 for 120 hours. In addition to the prepaid support hours, OCIT is requesting to add a limited pool of money known as “Reserved Dollars” in an amount not to exceed $176,400 to cover additional support hours if needed. 

 

The cost breakdown is reflected in the table below:

 

Description 

Hours

Unit Cost

Total

 

Existing Unified Support Services

N/A

N/A

$831,462

 

Cybersecurity Incident Response Add-on

120

$630/Hr.

$75,600

 

Reserved Dollars

280

$630/Hr.

$176,400

 

Cumulative Contract Total Amount Not to Exceed: 

$1,083,462

 

 

In addition to adding DART professional services, OCIT is taking a proactive approach to support its recent firewall investment with Palo Alto Networks (Palo Alto). Similarly, Palo Alto has a cybersecurity incident response team (Unit 42). Since Unit 42 pre-paid support hours do not exceed the County Contract Policy Manual (CPM) established monetary threshold for Board approval, the contract is not included in the recommended action; however, it is noted here for the Board’s awareness.

 

The Orange County Preference Policy is not applicable to this contract amendment.

 

OCIT now requests Board's approval to execute the conttract amendment to add professional services for cybersecurity incident response.

 

 

 

 

FINANCIAL IMPACT:

 

Appropriations for this contract has been included in the FY 2024-25 Budget for Fund 289, OCIT Countywide Services, and will be included in the budgeting process for future years.

 

 

STAFFING IMPACT:

 

N/A

 

 

 

ATTACHMENT(S):

 

Attachment A – Amendment Number One to Contract MA-017-23010189
Attachment B – Contract Summary Form