📋
Extraído del Informe Consolidado
Esta investigación fue publicada originalmente como parte de un informe consolidado más amplio que contiene múltiples investigaciones. Consulte el PDF consolidado para ver el documento completo.
Santa Cruz County Grand Jury
• 2022-2023
Santa Cruz County Civil Grand Jury SantaCruzTownClock the Reports
⚠️ Aviso de traducción: Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
Findings and Recommendations 23 findings
F1
Page 27
Santa Cruz County does not have a Cybersecurity Plan, and the absence of a current plan that defines security policies, procedures, and controls required to protect its networks and devices increases the risk of vulnerabilities.
Related Recommendations (1)
R1
Page 27
Santa Cruz County should prepare and implement a Cybersecurity Plan , ensuring that city officials and all staff are well aware of the plan details, their responsibilities, and associated policies. (F1)
F2
Page 27
Santa Cruz County does not have a sufficiently detailed Incident Response Plan, indicating they would not be prepared to respond rapidly and effectively in the event of a cyber incident.
Related Recommendations (1)
R2
Page 27
, the county should revise and expand its Incident Response Plan to clearly delineate the steps it will take in response to a cyber attack, the responsibilities of identified officials, and the coordination required with state and federal officials for each type and level of cyber attack. A detailed plan is a requirement for continuity of county operations in a cyber incident. (F2)
F3
Page 27
Santa Cruz County participates in multiple information sharing groups at regional and state levels, although it has only minimal interaction with the cities across Santa Cruz County, degrading their ability to fully understand regional vulnerabilities.
Related Recommendations (1)
R3
Page 27
The County’s information sharing efforts should be expanded to ensure fulsome information sharing across all government entities in the county, specifically Santa Cruz, Watsonville, Scotts Valley, and Capitola, A simple schedule of monthly meetings would permit regular sharing of possible threats, TTPs seen across the county, and information learned from outside organizations such as the Cal-CSIC. (F3) Cyber Threat Preparedness published May 18, 2023 22 Santa Cruz County Civil Grand Jury
F4
Page 28
The City of Santa Cruz seems to have an adequate IT Department structure; however, in late 2022, 40 percent of its positions remained vacant, leaving them inadequately staffed to mitigate and respond to cyber attacks.
Related Recommendations (1)
R4
Page 28
The City of Santa Cruz should prioritize filling its vacant IT department positions by Fall 2023. The IT Department and the Human Resources (HR) Department should revise its position requirements, compensation packages, and recruiting priorities to enable the City to attract qualified personnel to these positions. (F4)
F5
Page 28
Inadequate staffing and high attrition has led to overworked staff and raises the risk of cyber vulnerabilities across its networks.
Related Recommendations (1)
R5
Page 28
By Fall 2023, Santa Cruz should identify and implement creative approaches to hiring and retention so they can maintain a fully staffed IT Department despite the competition with surrounding counties. The City should investigate potential partnerships with one or more of the 18 California colleges and universities with National Centers of Academic Excellence in Cybersecurity. (F5)
F6
Page 28
The City does not have an individual dedicated as the lead for cyber security, which could lead to inadequate preparation for and response to a cyber attack.
Related Recommendations (1)
R6
Page 28
By Fall 2023, the City of Santa Cruz should assign one individual responsible for cybersecurity. Adoption of a managed service provider arrangement will boost its security posture, although it does not eliminate the need for a dedicated security lead within the City’s IT Department. (F6)
F7
Page 28
The City of Santa Cruz does not have a Cybersecurity Policy, suggesting that preparations to mitigate a cyber attack are inadequate and not widely shared.
Related Recommendations (1)
R7
Page 28
or sooner, the City of Santa Cruz should develop and implement a Cybersecurity Plan that encompasses all aspects of information security. (F7)
F8
Page 28
The City of Santa Cruz does not have an Incident Response Plan, and this absence indicates that the City will be challenged in responding to a cyber attack, especially a ransomware attack.
Related Recommendations (1)
R8
Page 28
or sooner, the City should complete an Incident Response Plan with sufficient detail for city officials to use as a step-by-step guide in the event of a cyber incident. (F8) Cyber Threat Preparedness published May 18, 2023 2022–2023 Consolidated Final Report 23
F9
Page 28
Santa Cruz participates in some information sharing organizations such as the California Municipal Information Services Association (MISAC), yet it has minimal collaboration within the county and the other cities, forfeiting opportunities to share best practices and understand threats.
Related Recommendations (1)
R9
Page 29
Once the IT Department has adequate staffing and , it should expand its participation in local and state information sharing groups to maintain current knowledge of the threat environment and emerging technologies. (F9)
F10
Page 29
After recently expanding its IT Department, the City of Watsonville has improved its IT functions although it does not yet allocate sufficient resources to cybersecurity.
Related Recommendations (1)
R10
Page 29
Watsonville should conduct an evaluation of its recently expanded IT Department, critical IT upgrades, and the status of cybersecurity measures Based on this assessment, the City should allocate existing or newly identified resources to ensure cybersecurity is adequately addressed going forward. (F10)
F11
Page 29
The City does not have an individual whose primary responsibility is cybersecurity for the city networks, leaving cybersecurity oversight to the IT Director–along with a multitude of other IT responsibilities–and lowering the priority for cybersecurity measures.
Related Recommendations (1)
R11
Page 29
Given the size of Watsonville, the City should have a dedicated position for cybersecurity , to ensure adherence to best practices, mitigation of potential threats, and education of city staff and leadership. (F11)
F12
Page 29
Watsonville does not have a Cybersecurity Plan that defines security policies, procedures, and controls required to protect its networks and devices, a situation that increases the risks of vulnerabilities.
Related Recommendations (1)
R12
Page 29
By early 2024 or sooner, Watsonville should prepare and implement a Cybersecurity Plan that addresses all of the best practices for strong cyber hygiene. (F12)
F13
Page 29
Watsonville does not have an Incident Response Plan that provides detailed information on how to respond to an attack, suggesting the City would not be able to respond rapidly and effectively to a cyber attack.
Related Recommendations (1)
R13
Page 29
By early 2024 or sooner, Watsonville should prepare and implement an Incident Response Plan with sufficient detail to serve as a guide in the event of a cyber attack. (F13)
F14
Page 29
Watsonville participates in some regional information sharing forums, but it does not have the resources to expand its participation or tap into state-level information sharing, thus forfeiting valuable best practices and cyber threat information.
Related Recommendations (1)
R14
Page 29
Upon completion of IT structural upgrades and a higher level of cyber maturity, and , Watsonville should participate in local, regional, and state information sharing initiatives. (F14) Cyber Threat Preparedness published May 18, 2023 24 Santa Cruz County Civil Grand Jury
F15
Page 30
Although Scotts Valley’s managed service provider is very knowledgeable and capable of providing cybersecurity services, there is no single city official with cybersecurity oversight, potentially leading to a poor understanding of the threats and an inadequate response to a cyber attack.
Related Recommendations (1)
R15
Page 30
By mid-2023, Scotts Valley should assign a city official as the lead for cybersecurity for the city. This individual should oversee the contractor’s performance in cybersecurity and ensure city leaders are well informed on emerging threats, cybersecurity challenges, and information provided from regional and state entities. (F15)
F16
Page 30
Scotts Valley does not have a current Cybersecurity Plan that defines security policies, procedures, and controls required to protect its networks and devices, potentially increasing the risks of vulnerabilities.
Related Recommendations (1)
R16
Page 30
Working with its IT contractor, by Fall 2023, Scotts Valley should write and implement a Cybersecurity Plan that is shared with all city officials to demonstrate comprehensive security measures and executive-level cyber threat awareness. (F16)
F17
Page 30
Scotts Valley does not have a current Incident Response Plan, which could exacerbate the effects of a cyber incident such as increase the time a network is unavailable or raise the potential financial costs of a resolution.
Related Recommendations (1)
R17
Page 30
By Fall 2023, Scotts Valley should write an Incident Response Plan that clearly delineates the steps it will take in response to a cyber attack, the responsibilities of identified officials, and the coordination required with state and federal officials for each type and level of cyber attack. (F17)
F18
Page 30
Scotts Valley does not participate in any cybersecurity information sharing groups to enhance best practices, rather they depend on their contractor to stay informed, which makes the City last to know of critical cyber threats.
Related Recommendations (1)
R18
Page 30
Scotts Valley should participate in local, regional, and state cybersecurity organizations for information sharing (F18)
F19
Page 30
With one individual responsible for IT services, Capitola does not allocate sufficient resources to cybersecurity, a status that could lead to poor cyber knowledge and unnecessary vulnerabilities.
Related Recommendations (2)
R19
Page 31
By Fall 2023, Capitola should hire a full-time IT Director to replace the IT Director who departed in mid-2022. The IT Director should oversee and expand IT services, including those of the consulting company, and lead cybersecurity initiatives. (F19)
R24
Page 31
By mid-2023, Capitola city management should raise the priority it assigns to cybersecurity and demonstrate a recognition of their role in ensuring the security of the City’s information networks.(F19–F23)
F20
Page 30
The City of Capitola does not have a robust cybersecurity training program, nor does it conduct phishing tests or routinely remind employees to adhere to cybersecurity measures during potential periods of increased threats. Cyber Threat Preparedness published May 18, 2023 2022–2023 Consolidated Final Report 25
Related Recommendations (2)
R20
Page 31
The City should develop a more robust cybersecurity training and phishing testing program for all employees by Fall 2023 or earlier. (F20)
R24
Page 31
By mid-2023, Capitola city management should raise the priority it assigns to cybersecurity and demonstrate a recognition of their role in ensuring the security of the City’s information networks.(F19–F23)
F21
Page 31
The City of Capitola does not have a Cybersecurity Plan to address cybersecurity measures city wide, suggesting the city is not adequately mitigating the potential impact of cyber incidents.
Related Recommendations (2)
R21
Page 31
Capitola should establish and implement a Cybersecurity Plan Several resources exist to provide a foundation or templates for these plans including NIST Guidelines, CISA resources, and Cal-CSIC guidance. (F21)
R24
Page 31
By mid-2023, Capitola city management should raise the priority it assigns to cybersecurity and demonstrate a recognition of their role in ensuring the security of the City’s information networks.(F19–F23)
F22
Page 31
The City of Capitola does not have an Incident Response Plan, which could exacerbate the effects of a cyber incident such as increase the time a network is unavailable or raise the potential financial costs of a resolution.
Related Recommendations (2)
R22
Page 31
By Fall 2023 Capitola should prepare an Incident Response Plan that provides detailed guidance for a city response to a cyber attack. (F22)
R24
Page 31
By mid-2023, Capitola city management should raise the priority it assigns to cybersecurity and demonstrate a recognition of their role in ensuring the security of the City’s information networks.(F19–F23)
F23
Page 31
Capitola does not participate in any cyber-focused information sharing groups, nor does it take advantage of state and federal resources designed to assist small cities with mitigating cyber attacks, thereby forfeiting opportunities to learn best practices and raise their cyber awareness.
Related Recommendations (2)
R23
Page 31
When appropriately resourced to monitor cyber threats, and , Capitola should participate in regional cybersecurity information sharing groups, to gain valuable information to best protect the City. (F23)
R24
Page 31
By mid-2023, Capitola city management should raise the priority it assigns to cybersecurity and demonstrate a recognition of their role in ensuring the security of the City’s information networks.(F19–F23)
Conclusions 29
-
CL1The City of Santa Cruz does not have a Cybersecurity Policy, suggesting that preparations to mitigate a cyber attack are inadequate and not widely shared.
-
CL2The City of Santa Cruz does not have an Incident Response Plan, and this absence indicates that the City will be challenged in responding to a cyber attack, especially a ransomware attack.
-
CL3Santa Cruz participates in some information sharing organizations such as the California Municipal Information Services Association (MISAC), yet it has minimal collaboration within the county and the other cities, forfeiting opportunities to share best practices and understand threats.
-
CL4After recently expanding its IT Department, the City of Watsonville has improved its IT functions although it does not yet allocate sufficient resources to cybersecurity.
-
CL5The City does not have an individual whose primary responsibility is cybersecurity for the city networks, leaving cybersecurity oversight to the IT Director–along with a multitude of other IT responsibilities–and lowering the priority for cybersecurity measures.
-
CL6Watsonville does not have a Cybersecurity Plan that defines security policies, procedures, and controls required to protect its networks and devices, a situation that increases the risks of vulnerabilities.
-
CL7Watsonville does not have an Incident Response Plan that provides detailed information on how to respond to an attack, suggesting the City would not be able to respond rapidly and effectively to a cyber attack.
-
CL8Watsonville participates in some regional information sharing forums, but it does not have the resources to expand its participation or tap into state-level information sharing, thus forfeiting valuable best practices and cyber threat information.
-
CL9Although Scotts Valley’s managed service provider is very knowledgeable and capable of providing cybersecurity services, there is no single city official with cybersecurity oversight, potentially leading to a poor understanding of the threats and an inadequate response to a cyber attack.
-
CL10Scotts Valley does not have a current Cybersecurity Plan that defines security policies, procedures, and controls required to protect its networks and devices, potentially increasing the risks of vulnerabilities.
-
CL11Scotts Valley does not have a current Incident Response Plan, which could exacerbate the effects of a cyber incident such as increase the time a network is unavailable or raise the potential financial costs of a resolution.
-
CL12Scotts Valley does not participate in any cybersecurity information sharing groups to enhance best practices, rather they depend on their contractor to stay informed, which makes the City last to know of critical cyber threats.
-
CL13With one individual responsible for IT services, Capitola does not allocate sufficient resources to cybersecurity, a status that could lead to poor cyber knowledge and unnecessary vulnerabilities.
-
CL14The City of Capitola does not have a robust cybersecurity training program, nor does it conduct phishing tests or routinely remind employees to adhere to cybersecurity measures during potential periods of increased threats. Cyber Threat Preparedness published May 18, 2023 Page 14 of 24 2022–2023 Consolidated Final Report 25
-
CL15The City of Capitola does not have a Cybersecurity Plan to address cybersecurity measures city wide, suggesting the city is not adequately mitigating the potential impact of cyber incidents.
-
CL16The City of Capitola does not have an Incident Response Plan, which could exacerbate the effects of a cyber incident such as increase the time a network is unavailable or raise the potential financial costs of a resolution.
-
CL17Capitola does not participate in any cyber-focused information sharing groups, nor does it take advantage of state and federal resources designed to assist small cities with mitigating cyber attacks, thereby forfeiting opportunities to learn best practices and raise their cyber awareness.
-
CL18Secure long-term funding for cybersecurity in the core budget. A proactive approach that prioritizes network defense, situational awareness, and education is a critical element of cybersecurity and well worth the commitment. Cybersecurity should be a budget item on a business level, not solely an IT budget allocation.
-
CL19Hire and retain cyber talent. Small and medium-sized cities need to identify innovative methods for hiring and retaining the appropriate expertise to ensure secure networks and a vigilant security program. If funding limits the ability to hire a sufficient number of competent IT professionals, cities may want to consider a part-time CISO position, shared resources, or hiring an outside contractor.
-
CL20Set up strong relationships with the private sector. Santa Cruz is well positioned to leverage private sector partnerships in the region that may offer additional resources and superb cyber expertise with minimal investments.
-
CL21Build an exhaustive Incident Response Policy. Every entity should maintain a current Incident Response Policy that delineates established relationships, detailed scenario planning, step-by-step instructions for incident responses, defined public relations measures, and plans for business continuity. Such a plan is critical to delineate the processes that will allow cities to continue serving the public in the event of an attack. The plan should define how systems will be restored without disrupting the business continuity, steps for a thorough investigation of the nature of the breach, and an immediate investment in addressing the vulnerabilities. Cyber Threat Preparedness published May 18, 2023 Page 10 of 24 2022–2023 Consolidated Final Report 21
-
CL22Improve training and culture. A company culture that encourages security and provides a broad range of cybersecurity training is the best approach to mitigating cyber threats, in both government and private entities.[73] [74]
-
CL23Rely on cybersecurity best practices. At a minimum, entities should ensure the use of reputable automation and cybersecurity tools across all networks. The cybersecurity foundation should encompass firewalls, antivirus software, and strong endpoint and network security products that allow visibility into the network.[18] With proper cybersecurity measures in place, our county and cities could take advantage of the cybersecurity grant opportunities available from federal agencies such as DHS/CISA and the Federal Emergency Management Agency (FEMA). In the event of limited resources to prepare and apply for grants, the County and cities would be well served by hiring a consultant to write grant proposals. In the long run–or possibly in the short run–such expenditures would pay for themselves and much more.[43] [73] [79] Findings—Santa Cruz County F1. Santa Cruz County does not have a Cybersecurity Plan, and the absence of a current plan that defines security policies, procedures, and controls required to protect its networks and devices increases the risk of vulnerabilities. F2. Santa Cruz County does not have a sufficiently detailed Incident Response Plan, indicating they would not be prepared to respond rapidly and effectively in the event of a cyber incident. F3. Santa Cruz County participates in multiple information sharing groups at regional and state levels, although it has only minimal interaction with the cities across Santa Cruz County, degrading their ability to fully understand regional vulnerabilities.
-
CL24The Santa Cruz County Civil Grand Jury is delighted to report that the Santa Cruz County CORE (Collective of Results and Evidence Based Investments) program provides fair and equitable distribution of funds to the many deserving non-profit organizations throughout the County. This process has removed any specter of bias and allows all potential organizations an even playing field. Their approach is completely transparent, from the application process, all the way through to the funded awards. The equity-centered approach clearly sets Santa Cruz County apart from any other counties in the region. It provides very clear parameters of how the process works and how each organization can benefit. The Grand Jury applauds the County and City officials and community members for their continued dedication and looks forward to the further evolution of CORE. CORE published May 18, 2023 Page 5 of 9 6 Santa Cruz County Civil Grand Jury
-
CL25In a perfect world, the Sheriff’s Office would have sufficient funding to raise Correctional Officers’ pay sufficient to hire all the officers they need, and build the new jail they want. But in that perfect world, there would also be sufficient resources to give all inmates the mental health care they need and to provide adequate continuing care after they are released, including supportive housing as appropriate. This report asks the question “In the real world, with the funding constraints in this County, what is the best solution to both the aging Main Jail and to the distressingly high recidivism rate?” The Santa Cruz County Grand Jury believes that funding for the Sheriff’s Office to hire and retain more Correctional Officers should be increased. Funding for the Public Defender’s Office and County Behavioral Health should also be increased so their anti recidivism efforts can reduce the current horrifying 60 percent recidivism rate.
-
CL26There is no doubt that the small, charming coastal City of Santa Cruz and the surrounding county municipalities are going to have to change. We can no longer ignore the fact that our highways and city streets have become gridlocked; rents and housing prices are beyond the reach of most; and many businesses are unable to find and keep the employees that they need. School enrollment is dropping as families move away to Housing Our Workers published June 2, 2023 Page 17 of 38 74 Santa Cruz County Civil Grand Jury find more affordable places to live, and businesses are moving to other locations. Perhaps the state laws and high housing goals are unattainable, but living in an area that only the wealthiest can afford is untenable without access to the businesses and services that all communities expect. It is too early to tell if it is possible to build all of the housing that the state demands, but it is undeniable that more housing, especially more affordable housing, needs to be built for the essential workers in Santa Cruz County. If that affordable housing is built near jobs and along transportation corridors, it will also alleviate traffic gridlock.
-
CL27The 2022-2023 Grand Jury reviewed responses to five of the 2019-2020 reports and found that, in general, commitments were kept. In some cases, the agencies are implementing recommendations but it’s not clear if the actions are in response to the Grand Jury or whether they were instigated by the agencies. The Grand Jury also reviewed Ready? Aim? Fire!, however we did not evaluate whether commitments were kept. Over the past three years there have been a major wildfire and three other fire-related investigations;[30] [31] therefore, it would be difficult to gauge whether or not the studied entities fulfilled any of the recommendations specifically from the 2019-2020 Grand Jury report. The Grand Jury continues to recommend that all organizations create and regularly update formal records of the actions they take to address Grand Jury recommendations, and to share those records with the public, in accordance with CA Penal Code Section 933(c).[32] Honoring 2019-2020 Commitments published June 7, 2023 Page 14 of 21 2022–2023 Consolidated Final Report 109 Findings and Recommendations General
-
CL28The longstanding and serious staffing shortage at the Behavioral Health Division is a contributing factor to all the issues discussed in this report, such as lack of step-down capability, services for marginalized groups including homeless persons, those involved with the criminal justice system and racial minorities. Until the staffing level is significantly improved, expecting improved service in any of these areas is unreasonable. The Grand Jury typically recommends an increase in funding when an agency has more responsibilities than budget, even while understanding that if there were funding available to increase the budget, this would already have been done. In this case, however, not only are County residents not getting adequate mental health services, the cost to the County is also higher because patients sometimes need to repeat treatment.
-
CL29By enforcing violations of building and environmental codes, the CCD bears an important role in the health and safety of our county. This investigation found that the CCD employees work hard to carry out their mission in a professional manner. Unfortunately, the division suffers from chronic understaffing, inadequate management, and a lack of basic organizational practices and procedures. This report highlights the areas where it is especially lacking—documentation, procedures and policies, employee training and education, and quality assurance. Because the division is resolving violations of planning and building codes, they work within the larger culture of the Planning Department that is noted for its slowness, inaccessibility to the public, and inconsistent implementation, which makes the CCD’s work even more challenging. As a result, the CCD has a huge backlog of unresolved violations, and public confidence in both the CCD and the Planning Department is low. This Grand Jury recommends that the CCD division quickly increase staffing and improve processes to enable it to resolve the backlog of cases that represent potential community safety and environmental hazards, lost revenue, and county liability. In addition, the CCD needs to urgently overhaul its organizational procedures and practices to improve consistency and to increase transparency and accountability. Moreover, the Grand Jury recommends that the Planning Department increase its accessibility to the public and document all interactions with the public. Code Compliance Division – Out of Compliance published June 23, 2023 Page 9 of 18 174 Santa Cruz County Civil Grand Jury
Commendations 9
-
CM1The County of Santa Cruz California Proposed 2022-23 Budget. March 29, 2022. “Proposed Budget in Brief.” Accessed April 24, 2023. https://www.co.santa-cruz.ca.us/portals/27/county/budget/pdf/Proposed%20Budg et%20in%20Brief_05030745.pdf
-
CM2County and City of Santa Cruz. February 4, 2022. “Request for Proposal.” Accessed April 24, 2023. https://www.co.santa-cruz.ca.us/Portals/0/County/GSD/Purchasing/Solicitations/ HSD1-2021%20CORE%20Investments%20RFP.pdf
-
CM3Santa Cruz County Data Share. Accessed April 24, 2023. https://www.corescc.org/about-us
-
CM4Santa Cruz County Data Share. Accessed April 24, 2023. https://static1.squarespace.com/static/619279f72531c218d085aee6/t/63f7ef8c3b 2d295e3044c389/1677193225008/CORE+Conditions+Bilingual Site Visits Human Services Department, County of Santa Cruz County of Santa Cruz Health Services Agency Human Services Department Archives CORE published May 18, 2023 Page 9 of 9 10 Santa Cruz County Civil Grand Jury [This page intentionally left blank.] 2022–2023 Consolidated Final Report 11 Cyber Threat Preparedness Phishing and Passwords and Ransomware, Oh My! Summary Cyber attacks targeting computer information systems, personal digital devices, or smartphones increase every year with the largest number of attacks typically hitting California. Cyber criminals target all types of businesses and all sizes of government agencies including small cities that often have limited resources to invest in cybersecurity. As Santa Cruz County continues its plans to expand broadband access and to provide efficient digital services to its residents, adherence to cybersecurity measures and best practices is critical. Santa Cruz County and the cities of Santa Cruz, Watsonville, Scotts Valley, and Capitola understand the cyber threat environment and the potential consequences of a cyber attack. These government entities have implemented varying levels of security measures to mitigate such threats. The Jury’s overall recommendations encompass the following: ● The County and the four cities should write and implement Cybersecurity Plans and Incident Response Plans that detail frameworks for mitigating cyber attacks and details for responding to a cyber incident. ● Each of our cities should designate a city official as the lead for cybersecurity. Even when an information technology consulting firm supports the city, one government official should be responsible for cybersecurity. ● The County and cities would benefit from cyber threat information sharing across the county, enabling greater knowledge of potential threats and shared ideas for threat mitigation. Cyber Threat Preparedness published May 18, 2023 Page 1 of 24 12 Santa Cruz County Civil Grand Jury Table of Contents Background 3 Scope and Methodology 5 Investigation 6 Cyber Best Practices across Santa Cruz County 7 Steps in the Right Direction 9 Conclusion 9 Findings—Santa Cruz County 11
-
CM5C1. Santa Cruz County has built an excellent foundation for preparing for the possibility of cyber incidents. Its Information Services Department (ISD) has a very knowledgeable Director, is very well informed, and has taken steps to prioritize cybersecurity. The integration of ISD in all IT purchasing processes provides a sound check on the security of third-party software, and its cyber training appears well integrated for all county staff. C2. The City of Santa Cruz has instituted a cyber awareness program that is strongly enforced. Its IT Advisory Team and standard security questions provide a security perspective for all third-party software purchases, thus minimizing supply chain threats. Cyber Threat Preparedness published May 18, 2023 Page 15 of 24 26 Santa Cruz County Civil Grand Jury C3. Watsonville has instituted commercial cyber security training for all employees and has recently begun to raise cyber risk awareness among city executives, highlighting that cyber security is a business problem for all departments and that promoting cyber education among government leaders is a critical element of effective cyber hygiene.
-
CM6C1. The Probation Office and the Public Defender’s Office are doing an excellent job of diverting low level offenders away from the criminal justice system. C2. The Probation Office is providing their Juvenile Hall youngsters a more physically and emotionally healthy environment that most of them ever had at home.
-
CM7C1. By acquiring and using City owned property, and seeking State grants and other outside funding, Santa Cruz is developing projects that are more affordable for tenants. With projects already underway and in the pipeline, Santa Cruz is on track to meet its 5th Cycle Housing goals, though the 6th cycle will present a larger challenge. C2. The City of Watsonville has continued to build housing during the years when other municipalities were not. They have collaborated well with non-profits and Santa Cruz County to build housing at all affordability levels. C3. All county municipalities have made a concerted effort to identify housing sites in the urban corridors in order to preserve the local coastal zones, mountains and green spaces in the rest of the County. C4. County school districts, Peace United Church, Cabrillo College and UCSC are working collaboratively to design and build affordable housing for teachers, staff and students. Housing Our Workers published June 2, 2023 Page 21 of 38 78 Santa Cruz County Civil Grand Jury
-
CM8C1. The Grand Jury commends the Behavioral Health Division for development of a Psychiatric Healthcare Facility for children and youths which will provide much needed mental health services for this population. C2. The Grand Jury commends the Behavioral Health Division’s efforts to develop a wide range of crisis care services that are not routinely offered in similar sized counties, including Mobile Emergency Response Teams for adults and youth, a Crisis Services Program, and a Psychiatric Health Facility. Diagnosing the Crisis in Behavioral Health published June 12, 2023 Page 17 of 27 134 Santa Cruz County Civil Grand Jury
-
CM9C1. The Sheriff’s Office Annual Report is easy to read, well organized, and provides useful information to the public. This publication offers thoughtful views of equipment, events, and Sheriff’s Office personnel. Surveillance State in Santa Cruz County published June 20, 2023 Page 13 of 20 158 Santa Cruz County Civil Grand Jury