AUBURN — The city’s technology infrastructure will be under some scrutiny as it has been 10 years since any cybersecurity assessment has been completed.
Cary Dodenhoff, information systems director for the City of Auburn, came to the Auburn Board of Works and Public Safety Thursday asking for approval to have a cybersecurity assessment completed.
He said the standard practice on assessments varies, but it is something that should be done every three to five years.
“Our last one was 10 years ago,” he told the board to his best knowledge. “I find it alarming that it has been 10 years. If we were a financial institution, this wouldn’t have happened.”
Dodenhoff presented two quotes, one from a cybersecurity company and one from Purdue University, who would perform the service for free, with help from a National Security Agency grant.
Before making a motion to accept the free service from Purdue University, Board member Herb Horrom said, “Personally, I am alarmed at how long it has been since this has been done.”
With that motion, the board unanimously moved to accept the assistance from Purdue University.
The assessment will look at the city’s entire computer network and systems over the next couple of months and present their findings toward the end of the year.
Dodenhoff said Purdue University is somewhat new at doing these assessments, but he believed this would be a starting point. He went on to say that the city could look at having a commercial company come in and do a smaller assessment in a year or so.
With the issues tied up, Dodenhoff addressed other security issues.
In reviewing the city’s network policy, which is distributed to all employees, he found the last revision to the document was 2006.
In reviewing it, he said there was one policy that needed to be changed immediately to stay in compliance with the State Board of Accounts. The current policy is that all passwords for the city’s networks must be six characters.
He said that is no longer the case and passwords today must be stronger.
In discussing this issue, Board member Danny McAfee asked Dodenhoff if he would look at making other revisions to the document.
Dodenhoff said he has begun the process of going through the document.
The request to strengthen the city’s passwords was approved.
With that, the board also approved $1,500 for 15 additional software licenses which will help collect passwords for those city employees who have access to multiple networks, which require the longer passwords.
Gloss