An item that wasn’t even on the agenda dominated this month’s meeting of the McLean County Finance Committee. The item was not on the agenda because the Finance Committee didn’t get the information 48 hours in advance of the meeting. Sunshine laws require agendas be available to the public 48 hours before a public body meets. As a result, a “Stand Up Meeting” of the Finance Committee will be required next week.
The item was the county’s insurance policies. Christopher J. Spanos, First Assistant State’s Attorney, Civil Division, was not able to get necessary information regarding renewing the county’s policies to the Finance Committee until Wednesday. Consequently, the “Stand Up Meeting” will be held before the County Board meeting on Thursday, February 16.
County Administrator Cassy Taylor advised us these policies included items like General Liability, Property, and Cybersecurity. The price for these policies this year is $1.51 million. That price represents a 16.8% increase. Most of the discussion at the meeting involved cybersecurity insurance.
County Board Member Chuck Erickson explained, “We do this every year and we try to make sure that we have good insurance for the county. And we are just trying to make sure we get the best insurance at the best rate. And the issue was brought up, what about cyber insurance? Do we have enough coverage?”
Taylor described the situation, “Our coverage in the past was $1 million. It currently is $3 million and there was some discussion on whether we would want to increase that to $5 million or more up to $10 million of coverage specifically for the cybersecurity insurance.”
According to Taylor, “The National Association of Counties is recommending more for coverage” and that is where the $5 million number came from.
The discussion certainly has merit.
According to a November 28, 2022 article in the New York Times, “Since 2017, more than 3,600 local, tribal and state governments across the country were hit by ransomware hackers, according to the Multi-State Information Sharing and Analysis Center, an organization that seeks to improve the United States’ cybersecurity posture.”
The Times wrote the 2022 article after an attack on New York’s Suffolk County that sent the organization “back into the 1990s after a malicious ransomware attack forced it largely offline.” “‘We are going to revert to 1990,’ Ms. (Lisa) Black (Chief Deputy County Executive) said, describing the thinking at the time. ‘We are going to teach millennials what a fax machine was,’” the newspaper wrote, quoting Black.
Going back to the ’90s also meant, “Emergency dispatchers taking down 911 calls by hand, unable to use their geolocation technology for callers,” according to the Times. The article also described, “Police officers radioing in crime scene details, rather than emailing reports to headquarters.”
According to the Times report, “After the attack, Mr. (Steve) Bellone (Suffolk County Executive) increased the county’s 2023 operating budget by $9 million to fund cybersecurity measures.” Suffolk County has a population of 1.53 million.
“Today, some services in Suffolk County are still scrambled, with no real sense as to when they will be fixed,” the Times wrote almost three months after the attack.
A November 21, 2022 article by Security Week revealed the County of Tehama, California, had, “started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach.”
Security Week wrote, “The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised.”
“The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files on the county’s department of social services systems were accessed,” according to the article.
“Compromised information included names, addresses, birth dates, Social Security numbers, driver’s license numbers, and details about the services that the impacted individuals might have received from the social services department,” Security Week said.
The periodical also stated, “The stolen data reportedly includes financial details, human resources information, payroll files, PII, IDs, birth certificates, incident reports, Covid vaccine cards, medical information, insurance information, criminal record documents, and other confidential documents.”
Unfortunately, because the item did not get on Wednesday’s Finance agenda, the general public was not aware the subject would be discussed, and some may have missed an opportunity to speak during the public comment portion of the meeting. According to Taylor, the item could not be delayed until next month because the current insurance policies are expiring soon.
The public is also not able to hear a “Stand Up” meeting because it literally occurs with members standing around the dais before the regular board meeting.
Taylor told us, “We try to avoid having ‘Stand Up’ meetings before a county board meeting and we do everything we can to avoid a stand up conversation.”
Taylor said that, “If there are citizens that would like to comment on this item I would recommend that they review the YouTube of this particular meeting and they submit those questions to County Administration and I can work with our Civil State’s Attorney to get those answered and we can provide those answers to them prior to the county board meeting and then they could also come to the county board meeting.”