CEDAR RAPIDS — As national debate over cybersecurity and the ubiquitous threat of hacking persists, officials in Linn County are taking steps to fortify their own defenses.
On Wednesday, the Linn County Board of Supervisors approved an acceptance letter authorizing the National Cybersecurity and Communications Integration Center to conduct continuous network and vulnerability scanning on county networks and systems.
Starting in 2017, the center, which is part of the U.S. Department of Homeland Security, has offered municipalities free cyber security program — including phishing campaigns, penetration testing, continuous monitoring and education.
“We’re getting some pretty good resources from the Department of Homeland Security passed down to us at no cost,” said Phil Lowder, Director of Linn County’s Information Technology department. “These programs would help us assess risks and vulnerabilities and strengthen our defense.”
Lowder added that the threat of hacking exists for everyone, including local governments.
“It’s a thing to come and it’s not going away. It’s only going to be more persistent,” he said.
Nationally, cyber security has become a household topic following reports of hacking of the Democratic National Committee leading up to the 2016 election. U.S. intelligence agencies have since concluded that Russian interference took place during that campaign.
In addition, the Department of Homeland Security reported that Iowa was one of 21 states targeted by Russian hacking attempts in 2016.
ARTICLE CONTINUES BELOW ADVERTISEMENT
“Although there was supposedly no penetration of the system, nonetheless we think they will be back,” Linn County Auditor Joel Miller, who spoke in favor of Wednesday’s cyber security votes, said Wednesday.
Followed a voter data incident last year in which about 216,000 Linn County voters’ Social Security numbers were accidentally released, Miller retained Coralville-based cybersecurity firm ProCircular to review the county’s voter registration and election system.
Also on Wednesday, supervisors passed a resolution making certain documents relating to the county’s technology infrastructure — such as IP addresses, security procedures or network topology — confidential in regard to public records requests.
“Someone could use that insider information to have a better knowledge of how to break into our system,” Lowder said.
Lowder said the county has not received any requests for such data so far.
While the state this year made a similar update to Iowa’s public records law, the county ordinance further strengthens the local rules, Lowder added.
“We wanted to make it crystal clear and transparent,” he said.
l Comments: (319) 339-3175; firstname.lastname@example.org