CLEARFIELD – In January Clearfield County Government was hit by a cyberattack, and continues to add layers of protection from outside threats.
During Tuesday’s board meeting, the commissioners unanimously voted to approve the purchase of three, separate software packages.
They approved Duo Access for all county computers/users and Nessus Professional software for the county network pending final review.
The commissioners also approved the purchase of NinjaRMM software for all county computers.
According to IT Director Adam Curry, the county recently had a cyber penetration test done on its computer network.
Because it was hit by a cyberattack back in January, the test scanned the county network for any possible vulnerabilities.
“Overall, our score was pretty good,” Curry said, noting some ideas were still given to further protect its computer network from outside threats.
Duo Access
Curry said Duo Access is a two-factor authentication software application that will be enacted on all county users/computers.
He said it’s an extra layer of security that ensures that the people trying to login are who they say they are.
He said Duo Access will require anyone accessing the county network, e-mail, etc., to also enter a code sent via text/e-mail or by phone.
The cost for Duo Access is $5.67 per user per month, so the overall annual cost to the county is roughly $17,000 for 250 users.
NinjaRMM
Curry said NinjaRMM is a remote managing and monitoring application that will be installed on every county device and the network.
He said it will generate status reports for every computer, and if there are any software patches, especially for applications with known vulnerabilities.
“In other words, it’s another IT staff,” Curry said, “and it will manage our computers and notify us if we have any computers out of date.”
For example, he said, computers can be updated or forced to reboot remotely. “Remote management is our eyes for 280 devices.
“… It’s a one-stop shop for us. We can update them all at one time, instead of having to go to each one.”
The cost for NinjaRMM is $2.20 per device per month, and so the overall annual cost to the county is $7,392.
Nessus Professional
Curry said Nessus Professional will conduct cyber penetration tests and scan the county’s entire computer network for deep vulnerabilities.
He said the NinjaRMM an Nessus will work hand-in-hand, as Ninja RMM is for software vulnerabilities and Nessus is for hardware vulnerabilities.
With Nessus, he said, anytime a scan detects a vulnerability, it provides steps to troubleshoot and resolve the issue.
The cost for Nessus – including technical support – is $3,390 annually, and there’s no limit on the number of devices.
“… We got hit in January and what’s been learned is defense in depth,” Commissioner Dave Glass said.
“No one thing can ever adequately protect the system. Nothing is fool proof in cybersecurity.
“However, by having these layers, we’re going to try our best to keep them out of our system.
“If they get in our system, we’re going to try our best to isolate them, but if they defeat that, we got software to detect them much quicker.
“We can’t sit here and say there won’t be another breach … but we’re much, much safer and more aware of what we’re up against than we were.”