A 48-page external assessment recommending improvements to Luzerne County’s information technology department was presented to the county board on Monday.
Acting County Executive Romilda Crocamo had requested the review by the Pennsylvania County Commissioners Association’s (CCAP) Technology Services Office in November after the county’s former CIO, Mauro DiMauro, allegedly told the board that the county was “on the brink of disaster” if it did not provide funding and resources. DiMauro then resigned.
In an email conveying the completed assessment on Monday, Crocamo said the administration is meeting to develop a plan to implement the recommendations and will update the board.
“The administration wants to work with the council to ensure that the county’s information technology department provides the best services and protects this county asset.”
The association’s report highlighted several recommendations that “stand out as the most important ones that need to be acted upon as soon as possible.”
According to the assessment, these include recommendations for the IT department:
• Develop and maintain a multi-year strategic plan for the county with a roadmap documenting all existing technologies and indicating when and how they should be replaced.
“The county does not currently have an IT strategic plan, only annual short-term strategic planning as part of the budgeting process,” he said.
IT has a lifecycle document through 2028, but it is maintained separately from budget, planning and strategic planning processes, he said.
• Encrypt the hard drives of all county workstations and laptops.
• Prepare an incident response plan detailing all actions that will be taken when a cyber incident occurs.
• Work towards the full implementation of a technology safety awareness program for workers that includes online training, posters, signs and emails.
• Review and update IT and cybersecurity policies and treat them as guidelines.
• Regularly perform external and internal penetration testing to “identify vulnerabilities and attack vectors that can be used to successfully exploit enterprise systems,” possibly working with the Pennsylvania National Guard to obtain penetration testing. external intrusion.
• Perform regular full backups of infrastructure and critical data, with encrypted copies kept locally and offsite.
• Create a county IT security policy banner that displays when users log in to any county device.
Crocamo said these recommendations and others in the assessment provide “a roadmap of much-needed improvements for the IT department.”
“The county’s reliance on technology has reached new heights,” Crocamo said. “What is abundantly clear is that the county’s IT department needs a long-term strategic plan.”
As part of the assessment, CCSI Chief Information Officer Michael Sage visited the county Dec. 6-7 and met with DiMauro and other county IT staff to conduct a ” general overview of the county’s technological situation”.
During the November presentation that triggered the request for an external review, DiMauro had asked the board for $3.1 million of the county’s $113 million U.S. bailout package.
Its demands included a $970,000 virtualization infrastructure upgrade. He said only one additional maintenance extension of $40,000 is possible through October 2022, and that this system “runs the entire county.” It will take nine months to buy and switch to a new system, and failure to act would force the county back to “manual, paper-based processing,” he said.
Another request was for $425,000 for cybersecurity improvements that DiMauro said were necessary to comply with liability insurance requirements, including enhanced identity requirements for employees accessing email.
The Board is expected to vote Tuesday on an allocation of up to $2.463 million to American Rescue for computer hardware, software and services, including $425,000 for cybersecurity and upgrades to American Rescue’s virtualization infrastructure. $970,000, according to the agenda.
Crocamo is still considering options to replace DiMauro, who stepped down Dec. 16 after citing a lack of staff and resources. A majority of the board agreed to fund three additional positions in the IT department this year, meaning the department is now approved for 12 positions.