Local Authorities Adjust to New State Cybersecurity Regulations

GRC
Local Authorities Adjust to New State Cybersecurity Regulations

Published:

Reading time: 3 min.

Ohio Enhances Cybersecurity Regulations for Local Governments

Ohio is stepping up to the plate in a bid to strengthen its cybersecurity landscape for local governments. A recent legislative push underscores the importance of protecting personal information while ensuring that critical services continue uninterrupted. With cyber threats becoming increasingly sophisticated, it’s clear that proactive measures are more important than ever.

The New Legislation

The new cybersecurity regulations were embedded within the first 40 pages of the state budget, highlighting the importance lawmakers place on this issue. As local authorities transition into digital records management—handling court documents, utility invoices, and tax papers—they find themselves guardians of sensitive personal data that cybercriminals often target.

Kirk Herath, Cybersecurity Strategic Advisor to Governor Mike DeWine, emphasized the seriousness of the issue. "Malicious actors, including both nation-state operatives and common criminals, exploit our modern infrastructure for their nefarious purposes," he warned. This alarmingly increasing trend of ransomware attacks underscores the necessity for robust cybersecurity measures.

Compliance and Reporting Requirements

Starting tomorrow, local governments that experience a cyber incident will be required to notify both the Ohio Department of Public Safety and the Ohio Auditor’s Office. This requirement establishes a clearer line of accountability and transparency. Additionally, the approval process for ransomware payments is undergoing significant changes: payments must be made public through a resolution from the governing council or board, thereby eliminating any secrecy around such transactions.

By January 1, county and city governments are required to implement comprehensive cybersecurity programs, which also include mandatory employee training. Other local entities will have until July 1 to align with these regulations.

Local Incidents Highlight the Need for Change

Recent cybersecurity breaches in West Chester Township and the City of Middletown have served as stark reminders of the vulnerabilities faced by municipalities. In fact, the City of Huber Heights declared a state of emergency late last year due to a ransomware attack. Such incidents disrupt essential municipal services and put citizens’ data at risk, ensuring that the new regulations are both timely and critical.

Responses from Local Governments

In light of these new regulations, representatives from various local governments have shared their insights and preparedness plans:

  • City of Huber Heights: "We are formalizing our existing processes into written policy. Major alterations are not anticipated, as we have already implemented nearly all law requirements post-incident."

  • Greene County: Administrator Brandon Huddleson mentioned, "We are modifying our existing Comprehensive Cybersecurity Plan to incorporate the new mandates, especially in incident reporting and ransom payment resolutions."

  • City of Dayton: Officials have expressed their commitment to robust cybersecurity, stating, "Our current program aligns with state standards and will evolve with further guidance."

  • City of Kettering: Preparation is in place with existing comprehensive cybersecurity frameworks needing only formal documentation updates.

  • Clark County: Administrator Jennifer Hutchinson noted, "This legislation merely codifies our ongoing practices," indicating long-standing preparedness.

  • City of Springfield: Communications Director Karen Graves outlined that they have proactively implemented multiple provisions of the new regulations to combat escalating ransomware threats.

Enhanced Protections Against Public Disclosure

Another layer of protection included in the new legislation is the exemption of various cybersecurity records from public disclosure mandates. This measure aims to deter cyber threat actors from reconnoitering potential targets, making it harder for them to plan attacks.

Conclusion: An Ongoing Commitment to Cybersecurity

As cyber threats continue to grow, the ramifications for local governance are undeniable. Ohio’s new regulations aim to fortify defenses while promoting transparency and accountability. The feedback from local governments indicates a concerted effort to adapt swiftly to these requirements, demonstrating a collective commitment to safeguard sensitive data and maintain the functionality of essential services.

Local authorities are keen to embrace these changes in a bid to bolster protections for public services and resident information, reflecting a proactive stance toward meeting the challenges of a digitally dependent era.

Stay Informed

For ongoing updates and breaking news related to this topic, consider downloading the Free WHIO-TV News app for instant alerts.

Related articles

Recent articles

New Products

Latest Updates

Popular

© Fullcirclecyber .com