Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Committee on Information Technology
Regular Meeting
November 21, 2019
1
1 Dr. Carlton B. Goodlett Place, City Hall, Room 305San Francisco, CA 94102
Agenda• Call to Order by Chair• Roll Call• Approval of Meeting Minutes from October 17, 2019• Chair Update• CIO Update• Digital Services Strategy Update• Policy Update: Citywide Cybersecurity Policy• Policy Update: Cybersecurity Awareness & Training Standard• Public Comment• Adjournment
2
3. Approval of MinutesAction Item
3
4. Chair Update
4
5. CIO Update
5
Department of Technology Town Hall 11.19.19
Providing Kincade Fire Refugees with Internet Access
Partnerships for
St. Mary’s Church Shelter
Services for 200 people
Department of Emergency Management, Special Event Operations
Department of Technology, Division of Public Safety
Monkeybrains – routers, WAPs and service
ATT – phone charger
Department of Technology Town Hall 11.19.19
Department of Technology Monkeybrains
Connecting Kincade Fire Refugees
Build fiberConnection
Pull fiber tothe premises
Connect wirelessaccess points
Connectswitch
Connectrouter
Department of Technology Town Hall 11.19.19
Connecting Kincade Fire Refugees
bit.ly/dthelps
Department of Technology Town Hall 11.19.19
Connecting Kincade Fire Refugees
An Overview of ballot-comparison audit for
Ranked-Choice Voting
Election Commission Meeting
November 20th, 2019
Project ShangRLA
• Implementation of a Risk-Limiting Audit on a Ranked-Choice Voting
• Independent validation of Dominion’s RCV Tabulation
• Open source voting project component piloted and tested
Introducing a few firsts
Open Source Voting System Project
11
A Risk-Limiting Audit (RLA) offers a statistical guarantee:
“If a full manual tally of the paper ballots would show that the reported election outcome is
wrong, an RLA has a known minimum chance, the RLA limit, of leading to a full manual tally”
– Philip B. Stark
“As with other elections audit, the goal is to identify not only intentional alterations of ballots
and tallies, but also bugs in election machines, such as software errors, scanners with blocked
sensors or scanners skipping some ballots. ” – Wikipedia
What is a Risk-Limiting Audit?
Open Source Voting System Project
12
Open Source Voting System Project
13
Tabulates &Convert to RAIRE
CVR(JSON)
Assertions(Json)
Raire(JSON)
RaireAssertion generator
Assertion visualizer
CVR(json)
Manifest(tab)
RLA Tool
Ballots to audit (CSV)
Manual Vote RecorderTool
Physical ballots
Dominion
MVR(json)
1
2
3
4
6
Audit results
7
Seed
8
Elections Dept
5
ShangRLA flow overview
Open Source Voting System Project
14
Next Step: Taking ShangRLA from Pilot to Product
Open Source Voting System Project
15
Phase I:
• Standardize on languages
• Transition out of Jupyter notebook
• Migrate from files to an RDBMS
• JSON is ill-suited for a system that has a natural entity-relationship model
• Build a test suite above and beyond unit tests
• Document
Phase II:
• Support for Multi-Contest auditing
• Integrate non-VBM Ballot auditing
• Enhance the UI
• ShangRLA is engineered to support various forms of contest beyond RCV
Acknowledgements
Open Source Voting System Project
16
CCSF would like to acknowledge the team effort:
RCV Team: Dr. Michelle Blom: Research Fellow, School of Computing and Information Systems, The University of Melbourne, AustraliaDr. Andrew Conway: CEO, Silicon Econometrics Pty. Ltd., AustraliaPeter Stuckey: Professor, Data Science & AI, Monash University, Melbourne, Australia
Vanessa Teague: Associate Professor, School of Computing and Information Systems, The University of Melbourne, Australia
RLA Team:
Dan King: ViewPoint Technology, San Diego Philip B. Stark:Professor of Statistics, Associate Dean, Division of Mathematical and Physical Sciences , Regional Associate Dean (Interim), College of Chemistry and Division of Mathematical and Physical Sciences, University of Berkeley, CA
San Francisco Digital Services
Digital Services update
Carrie Bishop
November 2019
Hello COIT! It’s been a while…
We launched a new website for the City!
In line with our design principles
1. Represent the diversity of the city
2. Celebrate our unique culture and progressive values
3. Be accessible and inclusive for all people
4. Reflect that the website is easy to use, efficient and reliable
5. Be flexible for the variety of services and content we offer
Done Doing To-doSearch
Service start
pages
Dept
homepages
News
EventsBranding
Homepage
Info pages
Single sign-on
for staff
Transaction
pages
Topics /
navigation
Translation
People info
pages
SEO
Analytics
Public
meetings
Content editor
for staff
Pattern library
Website progress
Emergency
info
By the new year
● Human translation implemented
● Ability to put forms online
Beyond
● Meetings, minutes and agendas
● Transactions online (digital permitting)
● Supporting more departments to move across
Thank you to the departments we’ve worked with so far!
● OCEIA
● OTI
● DPH
● County Clerk
● DPA
● Fire
● Entertainment Commission
We will be bringing an accessibility policy to COIT through APRB:
• 5th grade reading level
• Human translation
• Comply with the law and meet international
standards
We also moved 80 existing city websites to a new hosting provider.
We continue to support these existing websites.
Permitting –transactions online
We’re helping people get an ADU permit
And apply online
And connecting systems at the back end for a seamless customer experience
Case
management
Power BIPredictive
analyticsMeta-data
Digital
Forms
Document
management
Zone
checking
Appt.
booking
Payments
Unique Identifiers
Enterprise AddressSystem
Identity Access Mgmt
Electronic
SignaturesWeb
content
Fee
estimator
Status
trackingNotifications EPR
To support all of this work we are growing the team.
Into FY20/21
As we mature our services we must be able to support them. This means:
● Technical support (patches, fixes, updates)
● Customer support (public facing)
● Accessibility support (language translation, compliance)
● Content support (timely public information, legislative changes)
Questions?
7. Citywide Cybersecurity Policy
35
Background
Original Approval: November 17, 2016
Updated: June 19, 2018
2019 Update:
› Role of Department Information Security Officer
› Update to Requirement Timelines
› Emergency Support Function Unified Cyber Command
36
RequirementsThe COIT Cybersecurity Policy requires all departments to:
1.Appoint a Departmental Information Security Officer (DISO) or Chief Information Security Officer (CISO) depending on Department size.
2.Adopt a cybersecurity framework as a basis to build their cybersecurity program.
3.Support cyber incident response as needed in accordance with Emergency Support Function 18 (ESF-18) Unified Cyber Command.
4.Conduct and update, at least annually, a department cybersecurity risk assessment.
5.Develop and update, at least annually, department cybersecurity requirements to mitigate risk and comply with legal and regulatory cybersecurity requirements.
6.Participate in citywide cybersecurity forum meetings.
37
8. Cybersecurity Awareness & Training Standard
38
Background
Original Approval: October 27, 2017
Update:
› Defines role of Human Resources
› Help to improve citywide adoption
39
RequirementsUsers of CCSF information systems with access to critical systems shall participate in cybersecurity awareness training, including:
1. All users are required to take annual cybersecurity awareness training in the form of Computer- Based-Training (CBT) or instructor led workshops.
2. All new users are required to take mandatory cybersecurity awareness training in the form of the CBT or instructor led workshops.
3. Awareness reinforcement and additional training may be provided through newsletters, posters, phishing campaigns, screensavers, webcasts, workshops and national cybersecurity related events.
40
9. Public Comment
41