Madison Village government leaders will be creating a new cybersecurity policy to comply with a statewide mandate.
Village Fiscal Officer Kristie Crockett said she recently learned about that requirement while attending a local government officials conference in Columbus. She brought up the subject during Village Council’s regular meeting on March 23.
Crockett said local government entities such as townships and villages in Ohio must adopt and implement cybersecurity programs by July 1. Counties and cities had until Jan. 1 to accomplish that same goal.
Those deadlines were specified in Ohio House Bill 96, which was signed into law by Gov. Mike DeWine on June 30 of last year.
That law declares that legislative bodies such as village councils and township trustees must adopt cybersecurity programs that safeguard each community government’s “data, information technology, and information technology resources to ensure availability, confidentiality and integrity. ”
Crockett said she had gathered some samples of cybersecurity policies, and planned to work with Village Solicitor Joseph Szeman, Administrator Jason Chapman and Police Chief Troy McIntosh in putting together a specific plan for Madison.
The state law notes that each community government’s policy to prevent and respond to cyber attacks should cover topics such as:
• Identification of critical functions and risks
• Specifying mechanisms to detect potential threats and cybersecurity events
• Incident response procedures
• Measures for recovery and ongoing security
• Cybersecurity training requirements for all employees based on job duties.
In regards to incident reporting requirements, the state law lists these mandates:
• The Ohio Department of Public Safety must be notified no later than seven days after the incident is discovered
• The Ohio Auditor’s Office must be notified no later than 30 days after the incident is discovered.
The state law also requires that the legislative body of a community government must pass an authorizing resolution before paying a ransomware demand.
