County Officials Approve Encryption Contract
The Tewksbury, Massachusetts Police Department got national headlines this week after it was forced to pay a $500 ransom to hackers who held the department’s data hostage. Lawmakers in Essex County are taking steps to make sure that — or worse — doesn’t happen to them.
The Essex County, New York Board of Supervisors voted unanimously this week to obtain an encryption service for the county’s computers.
The $7,500 contract will encrypt all portable devices linked to the county’s servers. According to the Plattsburgh Press Republican the software can wipe missing laptops and restore functions when returned. The Board of Supervisors voted to buy the software at their last meeting.
Newcomb Supervisor Rep George Canon says they are trying to be proactive. “We’re trying to stay ahead of the curve. There isn’t any question that a lot of the information, private information, is included in some of our county records and we certainly want to make sure none of our computers can be attacked or picked on. The contractor that our county manager was able to run down or find meets all federal guidelines, as I understand it, and exceeds them. Of course one of the things we’re concerned about is our health and safety records. That’s an import thing to be kept private. That’s the whole deal, to protect ourselves a little bit against cybersecurity.”
Keene Supervisor Rep Bill Ferebee is Vice-Chair of the Board of Supervisors. He notes that there has been some encryption, but this will now extend to portable devices. “We have a number of employees that will use their personal device, whether it be their cell phone or their laptop. So this is to prevent any county information from being able to be taken off their personal electronic devices. I think the fear is that a person loses their device then someone else could take their device and gain entry to the county system. I mean I have a cell phone I use more than I do my desktop at work now because it’s easier for me, you know, in downtime. When I’m riding in the car with my wife or if I’m home I’m just continually doing town work because there’s no distractions and honestly in an eight hour day you can’t get everything done anymore.”
The supervisors relied on the county manager’s expertise regarding obtaining an IT encryption system. The minutes for the March 30th Ways and Means Committee meeting show that Dan Palmer explained to Vice Chairman Tom Scozzafava that personal computers and tablets are carried outside of the county facility, especially by Health Department employees for home health care visits.
Palmer, unavailable for comment Wednesday, stated “I’ll carry my own laptop in, put county files on that laptop and leave and it happens all the time. In Public Health that happens a lot they carry tablets and all those kinds of things, those machines are going out.”
He also explained that one of the most common devices, and one of the most vulnerable to attack, are mobile phones. “Phones can actually access county network if they know the passwords..... so you have to have a way to assure that if they do ...and if they pull any county data it’s going to be encrypted.”
Scozzafava, Moriah Supervisor, is Vice Chair of the Ways and Means committee. “It can happen. Look at Target. Look at Blue Cross Blue Shield. So can it happen? Absolutely. How worried am I about it? To be honest until this issue came up I really didn’t give it a whole lot of thought. But Dan’s our IT person. He’s the county manager. He feels that this is something that the county should have in place. That’s why we supported him. It’s a whole new world out there. Everything’s on an IPad. You go to the doctor, your whole medical history now is put into a laptop. It’s all electronic. The unfortunate part of all this is that all this electronic information can be breached.”
The contract with IBM follows state contract guidelines.