NORTH CANTON: Adjustments to Cybersecurity Policies Under New Legislation
NORTH CANTON ‒ In response to a newly enacted state law, local officials are undertaking measures to establish a formal cybersecurity policy. This legislation mandates that municipalities maintain written protocols, and any financial dealings with ransomware perpetrators must receive approval from a legislative body.
The City Council is scheduled to deliberate on cybersecurity legislation on October 27. This urgent measure is poised to be implemented immediately and will empower the mayor to initiate standardized cybersecurity practices.
“Municipalities are increasingly becoming targets,” remarked David Metheney, Ward 2 representative and chair of the Personnel and Safety Committee, during a recent assembly. “Without adequate security, their sensitive information is at risk.”
Jason Segedy, the deputy director of administration, emphasized that the intent of the legislation is to codify the city’s existing cybersecurity measures, ensuring compliance with state requirements.
Segedy noted that the city has proactively exceeded baseline state mandates to shield its data and technological infrastructure from cyber threats.
Over the past two years, North Canton has engaged AtNet Plus of Stow, which has been instrumental in managing its cybersecurity frameworks and IT consulting.
“We’re quite assured in the robust procedures we’ve structured,” Segedy declared. “This initiative serves to formalize our approach and document it.”
Mayor Matt Stroia indicated that, to his knowledge, North Canton has thus far avoided falling victim to any ransomware assaults.
The prospect of paying a ransom to recover compromised municipal data prompted an uncertain response from Stroia. “It’s a challenging question to resolve,” he admitted. “Fortunately, we’ve never been in that dilemma.”
City Council Clerk Liam Ott stated that, concerning state obligations, “I don’t believe there’s anything we have not already implemented.”
Ohio’s Newly Enacted Cybersecurity Protocols
The state budget bill, which the General Assembly ratified in late June, mandates Ohio’s municipalities and counties to formulate a cybersecurity program by January 1. This program is intended to protect data and information technology assets.
Essential components of the mandated cybersecurity framework include the establishment of systems capable of “detecting potential threats,” procedural responses to cyber incidents, and the provision of cybersecurity training for city personnel.
The statute further stipulates that no municipal authority may fulfill ransom requests to regain access to encrypted or locked data without prior approval from its governing council. Any endorsement of ransom payments must justify its necessity for the city’s benefit.
In the event of a cyber incursion, municipalities are required to inform Ohio’s executive director of the Division of Homeland Security and the state auditor.
This legislation also provides confidentiality for documents pertaining to a city’s cybersecurity program and reports on incidents of cyber or ransomware breaches, sparing them from being classified as public records.
“One can appreciate that a hacker would seek insight into our protocols,” Segedy remarked. “Thus, this safeguard from the state is prudent.”
Source link: Yahoo.com.
