Following a rippling cyberattack on Suffolk County in September, the East Hampton Town Board announced Tuesday that it is fast-tracking upgrades to its own computer systems.
Heath Liebman, network and systems administrator with the town’s Department of Information Technology, described to the board a complex plan to strengthen security. His department, he said, will deploy “managed detection, managed risk, and managed security” systems, and also implement “hybrid” backup for town data, both on-site and in the cloud.
This will “strengthen our disaster-recovery plan,” said Mr. Liebman, while allowing any lost data to be restored quickly, minimizing computer downtime, and providing round-the-clock protections against a would-be hacker. “We will have full backup, onsite and also offsite,” he promised.
The upgrades, he said, will also reduce the operational burden on IT staff, who can instead “leverage the expertise and resources of a solution-provider, who will have the experience and familiarity of protecting government-sector resources.” Better yet, he told the board, premiums for the town’s cybersecurity insurance coverage will decrease.
Mr. Liebman stressed that until the data is moved off-site, the town will never be truly protected from cyberattacks. “Storing backup data on a server in a physical location renders it vulnerable to fire, flooding, or similar disasters,” he said in written material submitted with his presentation.
A successful hack could have “devastating consequences,” he warned. Lost data would mean lost revenue and lost productivity, not to mention the loss of public trust. Storing data in the cloud “means that when a cyberattack occurs or disaster strikes, we can restore our data quickly and keep the town running.”
“Data protection is not a one-time event,” Mr. Liebman noted in his accompanying memo. “It’s an ongoing system of interconnected processes. Cloud solutions ensure that these processes run smoothly, which minimizes the risks and costs to downtime.”
As for in-house staffing, he argued that “the IT staff can be a major source of competitive advantage,” but said the advantage is blunted when personnel are burdened with creating manual backups. “Traditional methods of data
backup are time-consuming and tedious,” he wrote. Cloud-based solutions, in contrast, “shift the burden to your provider.” Most such services are available on a subscription basis, he said, with “round-the-clock support and regular reporting.”
Utilizing the services of a cloud backup provider also provides access to the latest technology and infrastructure, said Mr. Liebman. And, the provider can “take care of any regulatory requirements that govern your data to ensure compliance and privacy.”
“Cloud solutions, when running smoothly, are incredibly efficient,” Mr. Liebman concluded. “These solutions will give us an advantage in our cybersecurity posture at this time.”
Town Supervisor Peter Van Scoyoc, in speaking to his colleagues on the board, stressed the critical need to protect the town’s data with all due haste in light of the cyberattack on the county’s computers. That incursion, he said, had “trickled back down to us,” and said it was urgent to “fund these efforts now, rather than wait for the completion of our regular capital plan.” When the county systems went down, for example, payments to local nonprofits that rely on county funding were delayed.
Mr. Liebman spelled out the robust cybersecurity enhancements ahead — now funded, via a resolution passed by the board on Tuesday — after earlier telling the board his department was moving forward to improve the town’s website, so that East Hampton residents will be able to, for example, provide documentation, pay fees, and submit forms “without the need to come into town offices.”
His staff considered five proposals, he said, and has settled on a company called OpenGov, whose product he described as “extremely user-friendly,” given the “simplicity of the interface.” He said several community members had been brought in for a test run and were “greatly impressed.”
The town board then resolved to contract with OpenGov, and also to spend $865,000 on computer software and hardware for the cybersecurity upgrades, to be financed through a bond authorization.
The town’s 2022 capital plan, passed in March, earmarked $515,000 for a web portal online system, and set aside other money for the new user-friendly portal mentioned by Mr. Liebman. The capital plan did not include funding for enhanced cybersecurity, but that was before the attack on the county computers, which put municipalities across the region on high alert..