Thursday, November 21, 2019

IS ANOTHER STARK CO TREASURY-ESQUE "CRISIS IN CONFIDENCE IN GOV'T"(2009) LOOMING ON CYBER SECURITY ISSUES?

REVISED BLOG ORIGINALLY PUBLISHED ON NOV 15


REGARDING STARK COUNTY'S CYBER SECURITY PLAN

We Stark Countians all remember hearing the revelation on April 1, 2009 that Stark County taxpayer money had been stolen from the county treasurer's office.

The fallout on elected Stark County officials was enormous.

A county treasurer ends up resigning, a county auditor is defeated for re-election and Stark County sinks into a deep, deep fiscal crisis that took the election of two new Stark County commissioners (Creighton and Bernabei) to institute the values of accountability, openness, official/citizen communication and transparency and thereby redeem the 2009-2011 loss of public confidence in county government.

One of the reasons we humans pay attention to history, is to decipher from history the error of our ways and to institute measure to ensure that similar matters do not go awry again.

The hot issue these days is cyber security of all of U.S. government (federal, state and local [and, yes, even Stark County, its cities, townships, boards of education, et al] included.

On October 8, 2019 the Stark County commissioners held an executive session with Stark County auditor Alan Harold regarding the security of Stark's cyber system(s).

On November 15th, the SCPR sent an inquiry to the Stark County commissioners, to wit:
Having read today a couple of articles on state and county cyber security (LINK 1) (LINK 2) (LINK 3), I am curious as to how on top of the issues presented in the articles are the Stark County commissioners and Auditor Harold's IT department. 
I realize threat the auditor's office is specifically responsible for Stark County IT security.  But I want to know from "the buck stops here" unit of overall county government the state of the commissioners' understanding of the potential for cyber problems in Stark County, whether or not preventative measures are in place and the degree to which the commissioners and Auditor Harold can assure the Stark County public that the county is as secure as "the state of the art" allows. Has there been within the last year a work session on the topic(s) raised in this e-mail. If so, when? If not, why not? If not, whether or not the commissioners think such a session is warranted?
Chief County Administrator Brant Luther's response:


The SCPR appreciates Administrator Luther's "assurances," but we all know that "the best laid plan of mice and men" often go awry.

The antidote?  Fundamental democratic-republican values of government accountability, openness, two way communication and, above all, transparency.

On October 8, 2019, Luther says, the commissioners did have an "executive session" on Stark County's cyber security preparedness.

But that is all we know and that is still all we know after the SCPR raised the issue of transparency in yesterday's meeting.

In the video, note that Administrator Luther asks for "specifics."

Apparently, he had forgotten that the SCPR had provided a specific line of inquiry.  In a follow up SCPR email to Auditor Harold (copied to Luther):
The SCPR cites you to a National Law Review article (LINK) which outlines 11 areas which local governments need to be addressing, to wit: 
Nonetheless, the commissioners "stood their ground" and would not discuss even non-sensitive information on Stark County's plan of preparedness to prevent cyber attack.

Anyone who knows the SCPR knows that this blog will be unrelenting in ferreting out those specifics of the plan that cyber experts agree on is appropriate for public dissemination.

The SCPR is of the opinion that the commissioners are being overly cautious in sharing information on Stark County's apparently, "in the works" cyber security plan.

REGARDING FEDERAL/OHIO/STARK COUNTY'S PLAN FOR ELECTION SECURITY

Cong. Anthony Gonzalez says he is for US/Ohio/Stark Co election security. () But what is doing to encourage support of the Paris Call () by US, Ohio and Stark County government entities?



Ransomware attacks on local governments can and have cost local governments huge payouts to ransomware attackers

Meanwhile, you and I are denied electronic access to our governments.

Recently, the Canton Auditor's Office was duped into paying an employee's paycheck to a spammer.

So for any local government official who thinks that the rest of Stark County government will not fall prey to hackers, spammers, phishers etc, out to think again.


Several months ago Ohio secretary of state Frank LaRose put out a press release (LINK) on his office's effort to provide Ohio with secure elections.

However, when the SCPR asked the Stark Co Board of Elections (Travis Secrest/Dir Jeff Matthews) for information what the LaRose directive would be implemented in Stark County, the BOE replied that the SCPR would have to ask LaRose, whom, of course, failed to answer the SCPR inquiry.

The public needs know at least an outline with as much specificity as is prudent to reveal in order to have a measure upon which to hold public officials accountable if their planning proves inadequate if not non-existence which seemed to be the case with the Stark County treasurer's office under then-treasurer Gary Zeigler.

The public having a ready accountability standard appears to be something that many elected/appointed public officials are deathly afraid of.

But they do not mind taking in their annual salaries.

No comments: