Ron Galperin is calling for tens of millions in ongoing capital investment to safeguard the city's critical IT systems.
Whatever the disaster, whether it be a citywide inferno, earthquake or doomsday scenario of a ballistic missile from North Korea, Los Angeles Controller Ron Galperin is urging the city to protect its core IT systems.
Galperin’s office released a report on Wednesday showing the city was unprepared to shield its critical information systems against a major disaster. After an audit, his office discovered the city has no uniform IT disaster recovery strategy in place, but only fragmented emergency plans that differ depending on department. Galperin said this fact has lifted responsibility for emergency IT plans off of any one department, and has left the city vulnerable.
“With the safety of 4 million people at stake, we need to protect critical IT operations if we don’t want all of our other emergency planning to be compromised,” Galperin said in a statement. “This report shows we still have work to do.”
The report, which Galperin's office said arose following a routine audit, notes that staff lack disaster and recovery planning to save IT systems during disasters. Further, the testing and preparation that does exist is limited to only a few disaster scenarios.
"Earthquakes can strike without any warning and certainly we're as vulnerable as any organization or large city is to cyber attacks, terrorist attacks or any kind of large natural disaster, so we we realized this was an important area to look at," said James Nash, a spokesperson for the Controller's Office.
The city has nine IT systems that include emergency dispatch for first responders. Galperin has recommended a few key measures to bolster the city's emergency resiliency, the first being a recommendation to create a steering committee that will help the Los Angeles Emergency Management Department (EMD) take on a lead role in citywide IT emergency management.
The report also calls for a formal recovery strategy that can be adopted across departments, training for staff, testing system capabilities in different scenarios and duplicating essential systems so government can continue to operate in the wake of a disaster. The need to act on these recommendation is so great, Halperin said, he suggested that the city avoid using general funding so it can pay for upgrades immediately, something that might be done through bonds financing.
Nash said it is expected the amount of funding needed for such a project could enter into the tens of millions or hundreds of millions, but the exact cost would be determined by a future IT assessment. After the city determines costs, Nash said a proposal will make its way to the city council's budget committee, the chief Administrators Office and then Mayor Eric Garcetti.
The report has been sent to the Mayor's Office and City Council to begin the process of implementing recommendations that Nash said are not controversial because of their obvious necessity.
"We're not talking about a one-time upgrade here. We're talking about ongoing capital that needs to be going into these systems," Nash said.
Before releasing the report, Galperin's office reported that it had reached out to a few of the departments that would be affected by the proposed changes. This outreach included talks with Aram Sahakian, the EMD’s general manager; Ted Ross, the Information Technology Agency general manager; and Charlie Beck, chief of the Los Angeles Police Department. Galperin's office reports the departments agreed with the report’s conclusions and recommendations, some of which are already underway, such as a revamp of the city's 911 system.
"Effective emergency response depends on communication, and the consequences of communications infrastructure failure during a disaster can be the difference between life and death for those affected,” said Aram Sahakian, the EMD’s general manager. “Investing in our city’s IT infrastructure and building alternate communications methods to back up our primary systems are critical!"