Rise and Report (Items Released from Closed Meeting)

36954124

Board and Information Services Tel. 604 432-6250 Fax 604 451-6686

Rise and Report (Items Released from Closed Meeting)

On January 31, 2020, the attached report dated January 22, 2020 titled “Metro Vancouver Cybersecurity” was authorized by the Metro Vancouver Regional District (MVRD) Board of Directors to be released to the public:

Metro Vancouver Cybersecurity

On January 31, 2020, the Metro Vancouver Regional District (MVRD) Board of Directors appointed Dean Rear to the position of Chief Financial Officer and Treasurer for the Metro Vancouver Regional District.

On January 31, 2020, the Metro Vancouver Regional District (MVRD) Board of Directors appointed the 2020 Metro Vancouver representative(s) to external agencies:

• Harold Steves, Richmond, to the Agricultural Advisory Committee;

• Darrell Penner, Port Coquitlam, to the Board of Trustees of the Sasamat Volunteer Fire Department;

• Lois Jackson, Delta, to the Delta Heritage Airpark Management Committee;

• Bill Dingwall, Pitt Meadows, as the nominee to the E-Comm Board of Directors (to take effect at the time of its Annual General Meeting);

• Lois Jackson, Delta, Steven Pettigrew, Surrey, and Petrina Arnason, Township of Langley, to the Flood Control and River Management Committee of the Lower Mainland Local Government Association;

• Jen McCutcheon, Electoral Area A, to the Fraser Valley Regional Library Board;

• Val van den Broek, Langley City and Brenda Locke, Surrey (as the Alternate Representative), to the Fraser Basin Council;

• David Hocking, Bowen Island, and Christine Boyle, Vancouver, to the Fraser Basin Council - Lower Mainland Flood Management Strategy Leadership Committee;

• Neil Belenkie, Belcarra, to the Lower Mainland Local Government Association;

• Malcolm Brodie, Richmond, and Craig Hodge, Coquitlam, (as the Alternate Representative), to the National Zero Waste Council;

• John McEwen, Anmore, and Ron McLaughlin, Lions Bay, to the Pacific Parklands Foundation;

• Darryl Walker, White Rock, and Rob Vagramov, Port Moody, (as the Alternate Representative), to the Western Transportation Advisory Council; and

Rise and Report (Items Released from Closed Meeting) MVRD Board Closed Meeting Date: January 31, 2020 Page 2 of 2

36954124

• the following ten directors and alternate representatives, to the Municipal Finance Authority for 2020, and assign a total of 50 votes with a representative having up to five votes each, as follows:

Representative Alternate Representative Votes

Mary-Ann Booth, West Vancouver Ron McLaughlin, Lions Bay 5

Malcolm Brodie, Richmond Neil Belenkie, Belcarra 5

Linda Buchanan, North Vancouver City Jen McCutcheon, Electoral Area A 5 Jonathan Coté, New Westminster Bill Dingwall, Pitt Meadows 5 Jack Froese, Langley Township Darryl Walker, White Rock 5

George Harvie, Delta Richard Stewart, Coquitlam 5

Mike Hurley, Burnaby Mike Morden, Maple Ridge 5

Kennedy Stewart, Vancouver Sav Dhaliwal, Burnaby 5

Val van den Broek, Langley City Rob Vagramov, Port Moody 5

Brad West, Port Coquitlam John McEwen, Anmore 5

36645965

CLOSED MEETING To: MVRD Board of Directors

From: Performance and Audit Committee

Date: January 22, 2020 Meeting Date: January 31, 2020

Subject: Metro Vancouver Cybersecurity RECOMMENDATION

That the MVRD Board:

a) receive for information the report dated January 22, 2020 titled “Metro Vancouver Cybersecurity”; and

b) authorize the Corporate Officer to release the report to the public.

EXECUTIVE SUMMARY

This report provides an overview of potential cyber threats and counter measures employed at Metro Vancouver.

PURPOSE

To provide the Board with an update regarding the measures taken to ensure cyber security for Metro Vancouver systems.

This matter is being presented at a closed meeting pursuant to Community Charter provision, Section 90 (1) (d) as follows:

“90 (1) A part of a meeting may be closed to the public if the subject matter being considered relates to or is one or more of the following:

(d) the security of the property of the regional district.”

BACKGROUND

At the Performance and Audit Committee meeting of October 10, 2019 a request was made of staff to provide an update on what actions are being taken to protect the information and automated processes at Metro Vancouver. A report was presented to the Performance and Audit Committee at its meeting held on January 22, 2019. The committee directed staff to forward this matter to the Board for information.

CYBER THREATS

There are numerous ways that unethical individuals use to attempt to infiltrate and/or disrupt an IT environment. While these threats are always changing and evolving they are categorized as follows:

Section E 1.1

Metro Vancouver Regional District - Closed

Metro Vancouver Cybersecurity Performance and Audit Committee Closed Meeting Date: January 22, 2020 Page 2 of 4

Spam

The mass distribution of unsolicited messages, advertising to addresses which can be easily found on the Internet through mediums such as social networking sites, company websites and personal blogs.

Spoofing

A website or email address that is created to look like it comes from a legitimate source. An email address may even include your own name, or the name of someone you know, making it difficult to discern whether or not the sender is real.

Hacking

The process by which cyber criminals gain access to your computer. Usually a direct attack at passwords, application programming interface, system access point (APIs).

Phishing

Fake emails, text messages and websites created to look like they are from authentic companies. They are sent by criminals to steal personal and financial information from you.

Viruses

Malicious computer programs that are often sent as an email attachment or a download with the intent of infecting your computer, as well as the computers of everyone in your contact list or everyone on your common network.

Ransomware

There are two common types of ransomware:

• Lockscreen ransomware: displays an image that prevents you from accessing your computer.

• Encryption ransomware: encrypts files on your system's hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing you from opening them.

Ransomware will display a notification stating that your computer or data have been locked and demanding a payment be made for you to regain access. Sometimes the notification states that authorities have detected illegal activity on your computer, and that the payment is a fine to avoid prosecution.

Denial of Service Attacks

Malicious users get a large network of computers to sabotage a specific website or server.

The attack happens when the malicious user directs all the computers to contact a specific website or server over and over again. That increase in the volume of traffic overloads the website or server causing it to be slow for legitimate users, sometimes to the point that the website or server shuts down completely.

Metro Vancouver Cybersecurity Performance and Audit Committee Closed Meeting Date: January 22, 2020 Page 3 of 4

CYBER SECURITY BEST PRACTICE RESPONSE

The best response to these types of attacks is a multi-pronged response system as each threat can require its own unique solution. Given the sensitivity of this information this report will only cover the responses at a very high level. Metro Vancouver has an IT Usage Policy which includes IT network security. These are being updated and included in a IT Cyber Security Policy. Below are the ways that IT ensures our data is safe and our systems keep operating:

Multiple Networks

Metro Vancouver maintains several different and distinct networks for different systems.

Mission critical systems operate on an ultra-secure network that has no access to and from the internet.

Modern AI (Artificial Intelligence) Firewalls /Metro Cloud

In support of the numerous networks, Metro Vancouver utilizes state of the art firewall systems that detect and report abnormal activity to the IT Network and Server teams via instant messaging and emails. The firewalls are patched regularly and are replaced as per the IT Digital Strategy every few years, or as needed.

Effective Back Ups

One of the most cost effective ways to protect against most of the threats noted above are regular and best practice back-up processes. This is particularly useful in defense against viruses, malware and ransomware attacks. At Metro Vancouver we use an incremental backup process that records both the base data and daily changes and we store our backups off site.

Staff Training

All of the best electronic and automated techniques can be defeated if staff aren’t appropriately trained on potential threats and fraudulent techniques. Metro Vancouver has implemented a half day Cyber Training course that initially was targeted at all staff and managers who can authorize payments, issue contracts or could adjust payroll or benefits.

This has now been expanded to be available to all Metro Vancouver staff.

Password Management and Two Factor Authentication.

For over two decades Metro Vancouver has maintained best practice password management and password policies as part of our IT Usage Policy. Whenever possible two factor authentication has also been used in the form of “authentication fobs” or authentication texts, to ensure that the use is validated. Within the IT network, only recognized IT devices are permitted to logon, effectively adding a third authentication factor.

Software Patching

As part of the IT Roadmap and Digital Strategy, all critical software at Metro Vancouver is regularly patched and moved to the most current version available from the vendor. In rare cases where this is not technically possible, applications are firewalled from other systems.

Metro Vancouver Regional District - Closed

Metro Vancouver Cybersecurity Performance and Audit Committee Closed Meeting Date: January 22, 2020 Page 4 of 4

Antivirus

Every PC and Server in use at Metro Vancouver has an active and up-to-date antivirus package installed. The logs from this system are reviewed regularly to look for issues and trends.

When we see attacks coming from international locations, those locations will be blocked.

PENETRATION TESTS

Penetration tests are also referred to as “ethical hacks” and are performed by staff and trusted third parties who actively test and try to defeat the layers of security that the team has built. Based on these tests, our systems and firewalls are patched and upgraded.

ALTERNATIVES

This is an information report. No alternatives are presented.

FINANCIAL IMPLICATIONS

Statistics Canada reports that there were 7,727 cyber-victims in 2018 and the problem is not decreasing. The Federal government estimates that Canadians will lose about $43 million to cybercrime in 2019.

While there are no direct financial implications for this report, failing to take cybercrime seriously could have financial implication to Metro Vancouver either from direct fraud or from loss of productivity. The IT team at Metro Vancouver continues to monitor this situation and actively implements counter measures to every known threat.

CONCLUSION

This report provides the Performance and Audit Committee with an update regarding the measures taken to provide adequate cyber security for Metro Vancouver systems. Cybercrime and the Cybersecurity counter measures are constantly evolving. We are continually monitoring the ever changing landscape of cyber security and regularly update our programs and processes. This report identifies known threats and the counter measures that Metro Vancouver uses to keep our data protected and our automated processes working without impact to productivity or levels of service.

36645965