IT concerns dominate supervisors’ agenda
BY BROOKS TAYLOR
Mt. Pleasant News
Information technology (IT) items dominated the over three-hour meeting of the Henry County Board of Supervisors Thursday.
Supervisors heard a presentation from a local firm on the maintenance of the county’s computer hardware and from a national firm regarding cyber security.
EZ PC Solutions of Mt. Pleasant told the supervisors that it could manage the county’s IT system, monitor computers 24/7, back up data and provide anti-virus support.
“We tailor our services to your needs,” noted Trent Robertson, co-owner of the firm. “We have quite a few clients in Mt. Pleasant already. We know that no matter how great the technology is, something will go wrong.”
Robertson and his co-owner, Nate Folker, each have about 15 years of experience in the field. Robertson and Folker are the lone employees of the company.
“Do you design your services around what we need?” asked Marc Lindeen, supervisor vice chairman. “The problem is that I don’t know what we need.”
Folker said the company would do an audit of the county’s IT system and go from there.
EZ PC Solutions said its fee would be $6,500 per month for basic service and $10,000 monthly for expanded service.
Currently, the county employs Derek Wellington to handle its IT needs. The county also has received software and application support for several decades from Solutions for Computer Service of Spencer.
County department heads have lobbied the board for cyber security for their computers for some time. On Thursday, the board discussed the matter with RSM, an international cyber security company with offices throughout the United States. In addition to its customers in the United States, RSM has many overseas clients. Scott Leonard, from the company’s Cedar Rapids office, and Bryan Nelson from RSM in Burlington handled the presentation in person. Autumn Hurley, an RSM manager of security and privacy headquartered in Waterloo, participated by telephone.
Supervisor Chairman Gary See said the purpose in asking for a proposal was so the board could get a better handle of where county computers stood in terms of cyber security. “We would like to have a barometer on where we are regarding security,” See told the group. “Are we sufficient or do we go up?”
County Assessor Gary Dustman said the county computer system never has had a cyber security assessment and county officials also have questions regarding backup potential. “We are not sure our backups are there. We don’t know if our machine blows up whether we have another machine that we can start up again.”
“We want to know if our system is sufficient or has loopholes,” added County Recorder Shirley Wandling.
“We do a lot of advising to help clients through issues they may have,” Leonard told the board. “We help clients maintain their infrastructure. RSM focuses a lot of attention on how you can better serve your citizens.”
Hurley said the assessment targets vulnerabilities. “We take a look at where vulnerabilities may exist and what information can be accessed,” she said. “We base our services on a fiber security assessment and put together a framework. We discuss with you where you want to be in the future and develop a road map for getting there.
“Security and privacy are where we would start,” Hurley continued. “We have seen an increase in compromised websites. We determine what we can do moving forward so this doesn’t happen again.”
Although no cost figures were discussed as Hurley said she would draft a proposal with costs, RSM’s brochure lists an approximate cost of $11,000 for a vulnerability assessment.
With the knowledge and information gained from the vulnerability assessment, RSM can do a network/application exploitation. During that, RSM will identify and test potential vulnerabilities/entry points to obtain access to the network or applications.
Approximate cost of the network/application exploitation is listed at $15,000 on the RSM brochure.
“There are a lot of areas that we can focus on,” Leonard stated. “We can do an IT assessment and see if there are gaps and deficiencies.”
Leonard quickly added that today’s “hackers” are very proficient and persistent. “If they (hackers) want to get some information, you still have a vulnerability.”
“The most important thing is determining your vulnerability from the outside and what you can do to remediate those issues,” Hurley explained. “We make an overall assessment rating of the internal network. It’s up to you what your areas of concern are initially.”
Lindeen agreed with the approach. “I like the idea of a vulnerability assessment and then deciding what to do.”
Hurley said the vulnerability assessment would take about a week and an internal on-site network assessment would last about three days.
She said she would put together a formal proposal including cyber security.
The board said it was looking at making a decision on how to proceed by the end of the year.
Supervisors will meet again in regular session Tuesday, Nov. 22, at 9 a.m., in the courthouse.