Nye County systems to undergo cyber vulnerability testing

The subject of cybersecurity had Nye County commissioners at odds with one another during the most recent commission meeting, with three voting in favor of approving free cyber vulnerability assessments and the remaining two set against the move, citing concerns that the action could possibly result in future expenses.

The cyber vulnerability testing is offered by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The item was brought forward by the Nye County Clerk’s Office and Nye County Clerk Sam Merlino explained the reasoning behind the request to order the cyber assessments.

“This is a first and you are all aware of the election security issues that everyone is worried about. This is basically a testing through the Department of Homeland Security,” Merlino detailed, remarking that many Nevada counties had already started the process themselves. “So we are one of the last to get this signed if we go forward and what it is, is to just test our vulnerabilities as far as our IT and cybersecurity, the whole thing. There is no cost and it’s just something they are offering to this state, to every county.”

Nye County Commission Chairman John Koenig added his take on the matter, noting that at a previous meeting of the Nevada Association of Counties there had been some discussion about cybersecurity.

“Sitting there listening to it, it was kind of scary,” Koenig said. “These guys can hack into your car and make it go faster or not stop at all, they can tap into your system, they can do ransomware so that all of a sudden, Nye County can’t get anything anymore unless they pay $20,000 or $30,000 or $100,000.”

Koenig said the recommendation was for all counties have some sort of assessment done, whether by a private company or through the federal government.

Nye County Commissioner Leo Blundo expressed some confusion about the item, stating, “I thought we had already approved, previously, organizations to do that through IT and the clerk’s office.”

Merlino explained that the state had indeed purchased the county an Albert Sensor, which notifies the county if someone is trying to attack its systems. The service on offer by the U.S. Department of Homeland Security, on the other hand, was geared toward finding any potential vulnerabilities in the system, before the 2020 election begins.

“To me, it’s in our best interest to have this done,” Merlino stated. “I don’t want to, after the fact, have someone accuse us of having been attacked.”

Still, Blundo was reticent, remarking that he was concerned about possible unfunded mandates that could result. Blundo added that it is easy to offer a “freebie” but it was always wise to be wary of the fine print that could be attached.

Nye County Commissioner Donna Cox appeared to agree wholeheartedly with Blundo’s thought process, asserting, “Nothing in this world is free and this could just be the beginning of something that is going to cost us a fortune.”

Merlino reiterated that a majority of the other counties in Nevada have already approved the service and no costs had arisen from that, also emphasizing that she would prefer to have any problems determined prior to the election.

Not moved, Cox said she was afraid that if the testing were done, that could open the door to a forced requirement to purchase a new system or program to deal with the vulnerabilities identified. “Is there any guarantee, though, that this is going to prevent anything? Or are they just going to tell us we are vulnerable and now we have to put in a system that is going to cost a couple million dollars?” Cox asserted.

When the motion to approve came to a vote, it passed 3-2 with commissioners Lorinda Wichman, Debra Strickland and Koenig in favor and Blundo and Cox against.

As described in the agenda item information, the service will provide cyber hygiene vulnerability scanning, risk and vulnerability assessment, remote penetration testing and phishing campaign assessment. Approval by the commission authorizes performance of continuous scans of public-facing networks and systems.

Contact reporter Robin Hebrock at rhebrock@pvtimes.com