A Mount Vernon resident raised concerns during the city council meeting on September 22 regarding a proposed cybersecurity ordinance. The ordinance, presented by Knox County Chief Information Officer Kyle Webb, was criticized for having significant gaps, particularly in light of the city's handling of a ransomware attack in 2022.
According to a video of the meeting, Joshua Morrison expressed that the city's response to the ransomware attack was slow. He described the proposed ordinance as vague and lacking measurable deadlines and time frames for risk assessments and incident responses. Morrison also noted that there are no consequences outlined for non-compliance with the ordinance. "My last thought is, strengthen this ordinance, take the necessary time to get it right, not perfect, but right. Privacy, security, and trust are worth more than a weak policy," Morrison said.
Webb responded by stating that the proposed cybersecurity ordinance meets state law requirements and serves as a solid framework for policy development. He mentioned that specifics could be added later. A key requirement from the state mandates that any decision to pay ransom for data must be legislated by the city council. Mount Vernon currently contracts with Knox County for IT services.
Safety-Service Director Tanner Salyers noted that the city has established a Municipal Tech Board that meets monthly to address IT issues in collaboration with the county. The city has already implemented best practices such as multi-factor authentication (MFA), monitoring, logging, and risk assessment. Insurance companies are also demanding additional actions for coverage.
Webb further explained that while an incident response plan can be very detailed, it is only referenced in the proposed ordinance. He emphasized that contact information should include who to call first during an incident and subsequent contacts if needed. Webb suggested it's beneficial not to include these details in the overall ordinance to avoid reliance on potentially outdated information.
