Money allocated to test cyber defenses
GREENWICH — The Board of Estimate and Taxation has authorized spending $23,000 to strengthen town cyber defenses in what is expected to be the first step in an ongoing effort.
The allocation, to come from funds already budgeted to the Finance Department, will focus on identifying potential weaknesses in the networks used by the libraries and Board of Education. An allocation of $150,000 will be available July 1 for additional security work, part of the 2019-20 budget approved Monday night by the Representative Town Meeting.
The work will be done by Cyber Defenses, which works with the town’s Information Technology Department on cyber security. Part of the examination will involve penetration testing in which an authorized, simulated cyber attack is performed to evaluate the strength of existing security systems.
The money for a beefed-up cyber defense comes after a reported breach of the Greenwich Public Schools’ system. No details have been released but officials have said it was a potentially extensive violation. The Greenwich Police Department is investigating the incident.
“This is a permanent initiative,” said Tom Klein, head of the town’s IT Department. “I don’t see this as a situation where we say, ‘Oh we did this and now we’re done.’ This is the beginning and it will continue.”
Klein is part of a task force looking at the town’s cyber security, led by town Director of Risk Management Megan Damato. It is expected to issue recommendations for improvement as part of the work with Cyber Defenses.
The initial testing is expected to be wrapped up by June 30 with more starting July 1 at the start of the new fiscal year. Given the small window of six weeks, Klein said they wanted to keep focused on specific priority areas before going broader in July for “a more thorough review” in which network’s including the Police Department’s will be looked at.
Damato said the process will start with questionnaires going out to the Board of Education and libraries so Cyber Defenses can gather background information.
“This will allow them to better target what they need to do penetration testing for,” Damato said.
There will also be some work performed at Nathaniel Witherell during the six weeks. While Witherell’s computer system is on the town network, it’s Wi-Fi is contracted through a separate provider.
“I’m not concerned with their network, I am concerned with their Wi-Fi,” Klein said. “We just put the Wi-Fi in there.”
BET member Jeff Ramer questioned why the library is being looked at as opposed to an entity such as the town Finance Department.
“I don’t think of the library having a lot of sensitive data,” Ramer said. “Whereas something like finance or the police or parks and recreation would have a lot of chance for mischief.”
Klein said that systems like finance and parks and recreations are “under the umbrella” of Town Hall, which is what his department covers. He said they have already been working with Cyber Defenses and department heads on those areas, particularly the Parks and Recreation Department.
“We have locked that down significantly,” Klein said.