DES MOINES — Iowa senators voted overwhelmingly Wednesday to clearly put counties in charge of their courthouses after chastising Judicial Branch officials for conducting ill-conceived “penetration tests” via a cybersecurity contractor in Dallas and Polk counties last year that resulted in arrests.
“Counties have custody and control of their facilities, not the courts,” said Sen. Zach Whiting, R-Spirit Lake, in floor-managing a bill that passed the Senate 45-1. “Senate File 2394 makes the county auditor the person who has custody and control of the courthouse subject to the direction of the county board of supervisors.”
Wednesday’s action became necessary, said Whiting, due to an incident last September in which two employees of a Colorado-based company were arrested on burglary charges related to a penetration test at the behest of court officials seeking to assess technical and physical security flaws that could put data at risk.
The two employees of the Coalfire cybersecurity firm were charged with third-degree burglary and possession of burglary tools after they tripped an alarm at the Dallas County Courthouse in Adel early last Sept. 11 but the counts were later dropped. The company also had performed similar “pen tests” on the Polk County Courthouse and Judicial Building.
Former Iowa Supreme Court Chief Justice Mark Cady, who died last November, had appeared before a Senate committee last fall to apologize for the incident, though break-ins were never intended to be part of the security testing.
Whiting said someone could have been injured, shot or killed because no county or law enforcement agencies were contacted in advance of the early-morning testing, which he described as a contract by the judicial branch to “create a crime” against county governments.
“I cannot, will not sugarcoat what happened and why we’re taking this dramatic step in considering this bill,” Whiting said. “It’s troubling. It’s stupid, it’s dangerous and it’s irresponsible.”
ARTICLE CONTINUES BELOW ADVERTISEMENT
“The goal of this legislation is to address the ambiguity and the question of who control the courthouses. Spoiler alert — this bill leaves no ambiguity. We are sending a very clear message with this bill — it very clearly states that it’s the counties and indeed the taxpayers of the county who owns, maintains, operates and provides security for the building. Not the judicial branch of state government,” he added.
The bill now goes to the House for consideration.
In other action, the Senate voted 46-0 to create criminal penalties for elder abuse in Iowa. SF 2341 has offenses ranging from simple misdemeanors to Class D felonies and sizable fines for assault, theft, abuse or financial exploitation of someone aged 60 years or older.
“It’s one of the most under-recognized problems in the United States,” said Zach Nunn, R-Altoona, who noted state officials received 8,195 reports of alleged adult abuse in 2018. “The important aspect here is we are treating elder abuse in the same way we treat abuse for any other class.”
Also Wednesday, senators vote 28-17 along party lines to prohibit state and local political subdivisions from spending taxpayer money as payment to criminals, hackers, terrorists or other bad actors responsible for ransomware attacks. Exceptions were made for cases of critical infrastructure or emergency situations.
SF 2391 includes proactive measures that include cybersecurity training, software and mitigation strategies to be in place by July 1, 2021, to minimize situations where hackers use malware to take control of the user’s critical data and hold the governmental entities hostage until ransom is paid, Nunn said. He added that the approach requires consultation with state and federal law enforcement agencies in a statewide response effort.
Comments: (515) 243-7220; firstname.lastname@example.org
05:51PM | Wed, March 11, 2020
05:16PM | Wed, March 11, 2020
04:02PM | Wed, March 11, 2020