A 48-page outside assessment recommending improvements in Luzerne County’s Information Technology Department was presented to county council Monday.
County Acting Manager Romilda Crocamo had requested the review by the County Commissioners Association of Pennsylvania (CCAP) Technology Services Office in November after prior county IT director Mauro DiMauro told council the county was “on the brink of disaster” if it did not supply funding and resources. DiMauro later resigned.
In an email forwarding the completed assessment Monday, Crocamo said the administration is meeting to come up with a plan to implement the recommendations and will keep council updated.
“The administration wants to work with council to make sure that the county Information Technology Department provides the best services and protects this county asset.”
Related VideoThe association’s report highlighted several recommendations that “stand out as the most important to take action on as soon as possible.”
According to the assessment, these include recommendations for the IT department to:
• Develop and maintain a multi-year strategic plan for the county with an accompanying roadmap documenting all existing technology and when and how it must be replaced.
“The county doesn’t currently have an IT strategic plan, only short term annual strategic planning as part of the budgeting process,” it said.
IT has a lifecycle document through 2028, but it is maintained separately from the budget, planning and strategic planning processes, it said.
• Encrypt hard drives of all county work stations and laptops.
• Prepare an incident response plan detailing all steps that will be taken when a cyber incident occurs.
• Work to fully implement a technology security awareness program for workers that includes online training, posters, signs and emails.
• Review and update IT and cybersecurity policies and treat them as directives.
• Conduct regular external and internal penetration tests to “identify vulnerabilities and attack vectors that can be used to exploit enterprise systems successfully,” possibly working with the Pennsylvania National Guard to obtain an outside penetration test.
• Perform regular full backups of critical infrastructure and data, with encrypted copies kept locally and offsite.
• Create a banner reminder of county IT security policies that pops up when users log onto any county device.
Crocamo said these and other recommendations in the assessment provide “a road map of the much-needed improvements for the IT Department.”
“The county’s reliance on technology has reached new heights,” Crocamo said. “What is abundantly clear is that the county IT Department needs a long-term, strategic plan.”
As part of the assessment, CCAP Chief Information Officer Michael Sage visited the county Dec. 6 and 7 and met with DiMauro and other county IT staffers to perform a “general overview of the technology posture of the county.”
In the November presentation that sparked the outside assessment request, DiMauro had asked council for $3.1 million from the county’s $113 million American Rescue Plan earmark.
His requests included a $970,000 virtualization infrastructure upgrade. He said only one more $40,000 maintenance extension is possible through October 2022, and this system “runs the entire county.” It will take nine months to purchase and switch to a new system, and failure to act would force the county to return to “manual processing on paper,” he had said.
Another request was $425,000 for cybersecurity enhancements that DiMauro said were necessary to comply with liability insurance requirements, including stepped-up identity requirements for employees accessing email.
Council is set to vote Tuesday on an American Rescue earmark of up to $2.463 million for IT hardware, software and services, including $425,000 for cybersecurity and the $970,000 virtualization infrastructure upgrade, the agenda said.
Crocamo is still reviewing options to replace DiMauro, who resigned effective Dec. 16 after citing a lack of staff and resources. A council majority agreed to fund three additional IT department positions this year, which means the department is now approved for 12 positions.