Title
Recommendation to Authorize the City Manager to Execute a Two-Year Agreement with SHI International Corp. for Arctic Wolf Cybersecurity Services in an Amount Not-to-Exceed $227,757. (Information Technology 60626070-51040)
Body
To: Honorable Mayor and Members of the City Council
From: Jennifer Ott, City Manager
EXECUTIVE SUMMARY
Staff is requesting City Council approval of a two-year agreement (Exhibit 1) with SHI International Corp. for Arctic Wolf cybersecurity services to enhance cybersecurity for the City of Alameda (City) by providing around the clock monitoring for malicious or irregular activity on the City’s network.
BACKGROUND
Arctic Wolf would serve as the City’s 24x7x365 Security Operations Center (SOC) to monitor the City’s network for any malicious or anomalous activity. Such robust monitoring is accomplished by aggregating all of the City’s cybersecurity-related alerts from the City’s various cybersecurity solutions to form a holistic view of the City’s network. With this visibility, Arctic Wolf would immediately alert the City to any malicious/anomalous activity and take action, when appropriate. In general, the earlier the response to an attack, the better the chances are to decrease the impact on City systems, operations, and personnel. In addition to responding to attacks, Arctic Wolf would also serve as a trusted cybersecurity advisory partner as the City’s cybersecurity posture is increased across City systems.
DISCUSSION
After thorough research and evaluation, staff identified Arctic Wolf as the best-suited solution to enhance the City’s defenses and overall cybersecurity posture. Arctic Wolf provides comprehensive threat monitoring and a suite of advanced security services offering effective protection for both the City and its employees against cyber-attacks. In a climate where cyberattacks are getting more and more sophisticated and persistent, staff selected Arctic Wolf as the most capable solution to meet the unrelenting need for both defending the City’s systems from attacks and also supporting the City’s compliance with cybersecurity best practices.
Benefits of Arctic Wolf include:
• 24/7 Threat Monitoring: Continuous surveillance of City systems to detect and respond to cyber threats in real time. Cyber attacks often occur outside of normal working hours when attackers believe the system is not monitored.
• Advanced Threat Detection: Uses AI-driven analytics to identify sophisticated and emerging threats across networks, endpoints, and cloud platforms.
• Concierge Security Team (CST): Provides dedicated security experts who offer tailored guidance, system configuration support, and proactive recommendations.
• Incident Response Support: Assists with rapid containment, investigation, and remediation of security incidents.
• Risk Management & Compliance: Regular vulnerability scans and reporting help maintain required compliance with Criminal Justice Information Service (CJIS) and Health Insurance Portability and Accountability Act (HIPAA) as well as industry standards such as National Institute of Standards and Technology (NIST), and others.
• Cost-Effective Security: Provides SOC with rigorous, continuous protection at a predictable cost.
• Ongoing Posture Reviews: Delivers monthly and quarterly reports to assess improvements, track trends, and guide long-term cybersecurity strategy.
Below are some examples of cyber-attacks of neighboring agencies highlighting the increasing vulnerability of local governments, leading to significant service disruptions and financial costs.
• In 2023, the City of Oakland was hit by a major cybersecurity attack that disrupted city services, including public records, licensing systems and employee data. Sensitive data was leaked online.
• Also in 2023, the City of Hayward was a victim of a major cybersecurity attack that shut down its computer network and public-facing website. A customer of Arctic Wolf, the City of Hayward staff credits the agency for quickly identifying and responding to the attack that occurred in the early morning Sunday hours, limiting the scope of the damage. Without Arctic Wolf’s assistance, the attack would have been more extensive and far-reaching.
• San Bernadino County reported a ransomware attack in 2023 that targeted its IT systems causing disruption to public services.
• In 2024, the Cities of Oakley and Pleasant Hill also experienced cyber-attacks. Oakley declared a state of emergency though 911 emergency services were not impacted. Pleasant Hill’s servers were targets of an attack, but City services remained operational throughout the incident, and public safety was not compromised.
The solutions agreement with Artic Wolf is a departure from the City’s standard indemnification language in its service provider agreement, which typically requires that providers indemnify the City from all claims or actions related to the provider’s performance of its obligations under the agreement, with few exceptions. Arctic Wolf agreed to indemnify the City from any third party claim only to the extent that the claim is based on intellectual property rights or on Artic Wolf’s gross negligence or willful misconduct. Indemnification is not available for Artic Wolf’s simple negligence. Further, Artic Wolf limits its liability to three times the total fees paid by the City, which is approximately $227,757. Given the type of service being provided by Arctic Wolf, staff recognizes that third party claims are relatively less common. Additionally, staff understands that other jurisdictions have accepted similar terms from Arctic Wolf or like vendors and that software agreements in general often contain such limitations of liability for the software provider.
Staff recommends City Council authorize the City Manager to execute an agreement with Arctic Wolf to provide 24/7 comprehensive cybersecurity monitoring for the City.
ALTERNATIVES
• Approve a two-year agreement with Arctic Wolf for continuous cybersecurity monitoring of City systems.
• Maintain Current Internal IT Security Practices: The City could choose to continue relying solely on existing internal resources for cybersecurity monitoring and incident response. This option limits monitoring capabilities, delays incident detection and response, creates a higher risk of undetected or prolonged cyberattacks and poses difficulty in meeting evolving compliance requirements.
Develop an In-House SOC: The City could invest in building its own SOC by hiring additional cybersecurity personnel and acquiring additional monitoring and detection solutions. This likely would cost significantly more than the Arctic Wolf solution for City staff to maintain similar continuous coverage and expertise.
FINANCIAL IMPACT
The cumulative cost over the two-year period is not-to-exceed $227,757. The total cost will be paid in the first year. Funds for this agreement for Arctic Wolf were included in the City Council approved Fiscal Year 2025-27 Biennial Budget.
MUNICIPAL CODE/POLICY DOCUMENT CROSS REFERENCE
The action is consistent with the Alameda Municipal Code. This agreement also supports the City Strategic Plan project TIE 33 to implement increased cybersecurity measures under the Priority to Invest in Transportation, Infrastructure, Economic Opportunities and Historic Resources.
This action is subject to the Levine Act.
ENVIRONMENTAL REVIEW
This action does not constitute a “project” as defined in CEQA Guidelines Section 15378 and therefore no further CEQA analysis is required.
CLIMATE IMPACT
There are no identifiable climate impacts or climate action opportunities associated with the subject of this report.
RECOMMENDATION
Authorize the City Manager to execute a two-year agreement with SHI International Corp. for Arctic Wolf cybersecurity services in an amount not-to-exceed $227,757.
Respectfully submitted,
Demetrius Cagampan, Information Technology Director
Financial Impact section reviewed,
Ross McCarthy, Finance Director
Exhibit:
1. Agreement