Loading...
HomeMy WebLinkAboutItem 20 PPP 9-25-19 Board - Strategic Plan 3rd SessionStrategic Plan Development Tonight's Policy Discussions: •Resilient Staffing •Safety and Physical Security •Cyber Security •Property Management Resilient Staffing Book page: 261 Presented by Laura Maravilla Human Resources & Risk Manager Policy Question Is OCSD properly prepared for the future challenges of employee attrition and loss of institutional knowledge through employee development and leadership programs? Background Diverse workforce of highly skilled and educated employees who carry out OCSD’s mission and vision •640 budgeted full-time employees •70% of positions require a degree, certification, and/or license (scientists, engineers, environmental and regulatory specialists, operators, mechanics, construction inspectors, accountants, and specialized analysts) •Since 2014, OCSD has lost 3,025 years of knowledge and experience primarily through retirement. Current Situation 100% 64% 49% 29% 46% 23% 100% 73%69% 36% 52% 34% 0% 20% 40% 60% 80% 100% 2019 2022 45% of OCSD’s employees are eligible for retirement which does not account for other forms of turnover OCSD’s current programs effectively develop and retain its current workforce, and attract highly technical and skilled talent Workforce Planning Workforce Vulnerability Assessments Management evaluates key and vulnerable positions, based on: •Criticality •Retention •Difficulty to Fill To develop current and future staffing plans. Talent Readiness Assessments Feeder positions are identified and talent pools are developed to build a talent pipeline for key and vulnerable positions. Overview of Existing Programs Vocational Internship Technical Trades within Operations & Maintenance Started in 2010 with 4 positions, currently at 10 positions 14 program participants have been hired Student Internships Employee Development Recruitment and Selection Partnerships Leadership Development Overview of Existing Programs Policy Statement OCSD will attract and retain high-quality talent to support its mission and continue to be an industry leader. OCSD will safeguard leadership continuity and support effective performance of the organization by proactively monitoring the changing work environment and requirements to ensure development programs are relevant and build a skilled bench of readily available successors for key leadership and mission- critical positions. Initiatives Initiative: Maintain and enhance current programs to provide the direction to identify, develop, attract and retain the next generation of prepared, capable and engaged leaders. Initiative: Continue cyclical Classification & Compensation studies to ensure job classifications accurately depict the work and that compensation levels are set accordingly. Policy Question Is OCSD properly prepared for the future challenges of employee attrition and loss of institutional knowledge through employee development and leadership programs? Questions? Safety and Physical Security Presented by Rod Collins Safety & Health Supervisor Book Page: 267 Policy Question Is OCSD properly prepared to ensure the safety, health, and security of the workforce and have we adequately planned for emergencies? Background •OSHA requires a workplace free of recognized hazards •Safety of the public and employees is OCSD’s top priority •OCSD is committed to identifying and mitigating all hazards •OCSD has programs that have proved effective to ensure the safety and health of its workforce, visitors, and contractors Overview of Existing Programs Current Situation •Safety •Routinely review written policies and procedures by collaborating with internal stakeholders, third-party audits, and ensuring compliance with regulatory requirements •Preparing safety programs and facilities in pursuit of California OSHA Voluntary Protection Program status Current Situation •Emergency Management •Ensure available resources are identified and engaged in the event of an emergency •Collaborations with local agencies and municipalities •Minimum of two emergency response drills per year Current Situation •Security •Manage third-party security service provider •Preparation for expansion of Security requirements •Oversee Security Committee (Physical and Cyber Threats) Proposed Future Policy Statement Continue to administer existing programs that ensure the safety, health, and security of the workforce, and proactively plan for emergencies to ensure continuity of operations. Proactively monitor the changing work environment and requirements to implement new programs that address future vulnerabilities. Improvements will be measured using leading metric indicators and reported to the workforce to foster employee engagement. Initiatives to Support Policy Safety Initiative: Complete outstanding safety projects, improvements, and corrective actions to apply and obtain Cal/OSHA Voluntary Protection Program (VPP) status; and continue to foster a culture where employees are accountable for their safety as well as the safety of others. Initiatives to Support Policy Emergency Management Initiative: Support facility and countywide emergency preparedness, response, and recovery efforts by partnering with entities, such as, the Water Emergency Response Organization of Orange County, Orange County Sheriff’s Department, and local fire departments to plan and continue to conduct disaster preparedness training and exercises. Initiatives to Support Policy Security Initiative: Continually identify and assess vulnerabilities and implement solutions through the Security Committee and third-party assessments. Prevent/mitigate security breaches using physical security systems such as video monitoring, access control, and armed security patrols. Policy Question Is OCSD properly prepared to ensure the safety, health, and security of the workforce and have we adequately planned for emergencies? Questions? Cyber Security Presented by Lorenzo Tyner Assistant General Manager Book Page: 273 Policy Question Has OCSD properly prepared for the increase in cyber security threats faced by today’s government agencies? What we’re protecting? Industrial Control Network •Remote control or monitoring of Plant assets -370,000 electronic input and output data points​ •23 SCADA servers and 151 workstations​ •160 Programmable Logic Controllers (PLCs)​ •6 Terabyte of Data​ and 69 network switches What we’re protecting? Office Network •310 Servers &1,000 workstations and laptops​ •2 petabytes of data​ and 100 network switches​ •Enterprise software applications •Financial Systems, Maximo Asset Management System, Laboratory Information Management System •Personal identifiable information Current Cyber Security Threats •Business Email Compromise​ (BEC) •Ransomware​ •Attacks on Critical Infrastructure Business Email Compromise Recent OCSD Attacks •Email spear phishing campaigns that appear very credible with OCSD logo, targeted at EMT, Managers, and specific business functions •Voicemail attachments noting that you have several missed calls.Attachment leads to a phishing website to steal user credentials. •False attempts to get users to change their password •Phishing emails that disclose previously used passwords acquired from outside breaches to lure the recipient to open a malicious file Security Assessments •Department of Homeland Security assessment​ •Design Architecture Review •Network Architecture Verification and Validation •Microsoft Active Directory Security​ •Microsoft Security Incident Management​ •Microsoft Securing Lateral Account Movement​ •Office 365 Security assessment •CIS Top 20 Security Controls Defense in Depth •Network Firewall​s •Intrusion Prevention System​ •Web Filtering Gateway​ •Next-gen Anti-malware​ •Patch Management​ •Backups​ •Security Awareness Training Security Awareness & Training Program •Multiple phishing security tests per month​ •Quarterly security training videos​ •Communicate cyber security best practices and tips​ •Implemented Industrial Control Systems (ICS) Engineer Security Training •Implemented Software Developer Security Training Critical Security Controls Best Practices •Defense in Depth strategy​ •Security Training and Awareness programs​ •Patch Management processes​ •3-2-1 Backup Strategy​ •Critical Security Controls and Frameworks​ •Incident Response​ •Sensitive Data Classification and Handling Policy​ •Develop close relationship with Operational Technology Policy Statement The Sanitation District must maintain adequate cyber security (information technology security) techniques that protect computer assets, networks, programs, data, and industrial control equipment from unauthorized access or attacks that are aimed for exploitation. Initiatives to Support Policy Initiative:Conduct various Incident Response tabletop exercises to determine the organization's ability to respond to a targeted cyberattack and to improve the quality of the response, should an attack occur. Initiative:Evaluate, enhance and monitor network security including activities to protect the usability, reliability, integrity and safety of the network by developing Security Operations Center (SOC) capabilities that support continuous monitoring and is responsible for the continuous threat protection process. Initiative:Conduct a comprehensive third-party cyber security operations assessment (Red Team). A thorough Red Team engagement will expose vulnerabilities and risks regarding:•Technology —Networks, applications, routers, switches, appliances, etc.•People —Staff, contractors, departments, business partners, etc. •Physical —Offices, warehouses, substations, data centers, buildings, etc. Policy Question Has OCSD properly prepared for the increase in cyber security threats faced by today’s government agencies? Questions? Real Estate and Property Management Presented by Lorenzo Tyner Assistant General Manager Book Page: 277 Policy Question Should the OCSD develop in-house Property Management/Real Estate resources or continue to outsource specialized services as needed? Sanitation District Assets OCSD has more than $11 billion in assets •Most of these assets are directly related to the plant or physical infrastructure. •However, OCSD owns considerable real estate, property rights, and easements. •OCSD owns and maintains real estate for the specific purpose of supporting its operations. OCSD does not purchase for speculation or investment purposes. Recent Property Activities In the last three years, OCSD has been very active •In February 2017, OCSD purchased two the properties each approximately 25,000 square feet. This will be the location of OCSD’s future headquarters building. •In March 2018, OCSD purchased a commercial office building that currently houses OCSD’s Resource Protection Division with 37 staff, as well as nine commercial tenants. •In August 2018, OCSD purchased 3 commercial/industrial properties with a combined total of 66,000 square feet. This will be part of the new Headquarters parking compound. When purchased, the properties were leased to a total of 8 tenants. •In April 2019, OCSD sold its Garden Grove commercial/industrial building. This building has been leased to the same tenant since 2011 and had generated more than $1.6 in revenue prior to its sale. Recent Property Activities In the last three years, OCSD has been very active •Edinger Pump Station (Huntington Beach) •Bay Bridge Pump Station (Newport Beach) •Western Regional Sewers Project (Denni Street, Cypress) Recent Property Activities Upcoming Activities •Yorba Linda Pump Station (Fullerton) •West Side Pump Station (Rossmoor/Unincorporated area) •Miller-Holder Trunk Sewer on Rhone (Huntington Beach) •Mass Annexations in our Service Area Other Property Activities OCSD is often involved with other agencies •OCSD has leased two of its vacant buildings to the Fountain Valley Police and Fire Departments for training exercises. •The Fire Department runs nighttime training exercises and has numerous joint sessions scheduled with the City of Huntington Beach Fire Department between October and May. •Before the Doig Drive building was leased, the City of Garden Grove’s K-9 unit utilized that commercial/warehouse for drug sniffing exercises with their elite team of canine officers. Property Rights and Easements OCSD has just begun to assess all its property rights •OCSD has a vast array of property rights including ownership in fee, easements, permits, perpetual encroachment permits, licenses and leases, as well as shared utility corridor rights, and public rights-of-way. •OCSD is working with an outside consultant to map, label, and quantify all property rights and encumbrances inside and outside of the plants. • This is about 50% complete and we hope to complete the project by the end of December 2019. OCSD Resources •OCSD maintains minimal staff that currently manages its Real Estate or Property Management activities. • Staff is familiar with general issues in this area • OCSD utilizes General Counsel as needed • To date, OCSD has made a conscious decision to use in-house generalists and general counsel for its day-to-day needs instead of building property management infrastructure and adding staff. • OCSD has relied on specialized contracted resources when specialized support is required. Initiatives to Support Policy Initiative: Complete work with an outside consultant to map, label, and quantify all property rights and encumbrances inside and outside of the plants. Initiative: As part of the 2020-21 budget process, add in-house professional real estate and property management staff to ensure comprehensive management of OCSD’s significant real estate and property rights. Policy Question Should the OCSD develop in-house Property Management/Real Estate resources or continue to outsource specialized services as needed? Questions?