What has happened to St. Paul, Minnesota (“a large-scale cyber attack on Saint Paul that has led to a citywide service outage”) would be much more difficult for hackers to accomplish in McHenry County.
McHenry County Clerk and Recorder Joe Tirio allocated $1.4 million in funds from the Recorder’s Automation Fund to help McHenry County fund IT infrastructure improvements.
I asked him what steps the money his office provided has funded to protect all of McHenry County government, and this is his reply:
“It is the policy of this office not to discuss specifics around our security practices,” he wrote.
“Having said that, we go through great pains to maintain tight security (cyber and otherwise) in our operations.
“We are subject to an annual audit from the state’s Cyber Navigator program.
“The most recent one was conducted a few weeks ago with no areas of concern or suggestions for remediation.
“Because the product of such an audit would reveal critical weaknesses, we take special care even when engaging in that audit.
“To give you some insight into how seriously we take security, let’s take a look at that audit exercise.
“We stipulate that the auditor bring their auditing tool (essentially a macro-enabled spreadsheet) on a USB drive.
“That drive is mounted in a specially outfitted laptop configured by county IT to prevent it from being connected to the network.
“The auditor conducts his audit, we (county IT and I) review and discuss the product of the audit with the auditor.
“That report is saved to the USB drive and it is handed to me.
“The laptop is wiped and reimaged.
“The auditor leaves with only a statement from me that the audit occurred on a particular date and time.
“I am told that McHenry is the only county that guards that report so closely, and we frequently get kudos from the auditors for our work to keep our information safe.
“By the way, that report is not subject to FOIA.
“Security is also a major factor when choosing to engage with vendors and selecting products.
“In choosing a vendor for our recent purchase of pollbooks, Knowink impressed us for a number of reasons, not the least of which was the priority they gave to security.
“Their pollbook is the only one to receive EAC (Election Assistance Commission) certification and has received many state certifications prior to the EAC creating their certification standard.
“Having been an IT Technical Director for what is now AT&T, I speak the language and understand the risks better than most lay people.
“We are also blessed with a very talented IT staff in our county.
“Having said all that, no one is invulnerable to attack and maintaining security is an ongoing process that requires constant vigilance against an unrelenting foe.
“I pray that we never are successfully breached, and I work with our resources to do our best to prevent it.”