Welcome to Viewpoint, the pages where residents get to give their views on what is good, bad or indifferent about Clearview Townships governace. Have something to say? Send us an email and we can meet to discuss how to best publish it.
To start off this section of the site, I'm providing my viewpoint of the potential for Clearview to withstand an attack on their digital information and records infrastructure. An overview of what is needed to withstand an attack based on my personal experiences with ransomware was sent to council some months ago, but AS USUAL there has been no response or VISIBLE action towards addressing this issue from council nor staff.
You can download that file using the Acrobat button above and you can download the questions that I'm not allowed to ask by clicking on the ? also above.
How ready is Clearview Township for any form of data attack?
The recent issues with ransomware in Wasaga Beach have apparently cost taxpayers there over $250,000 to remediate, MOST OF WHICH was in the form of overtime payments to staff who are the same people already being paid to ensure the data protection of the township, the amount paid to the "blackmailers" seems to be about 12-15% of the total costs.
If that same scenario repeated itself in Clearview each residence could be paying approx $42.00 in additional taxes!
In addition the PERSONAL information of residents is at risk, the ability of the municipality to meet the record keeping requirements of the Municipal Act are at risk as is the ability of the township to respond to situations that are reliant upon registered information such as the fire department knowing the registered details of the disabled in our community in case they need rescuing.
As one who has been involved with computers and data transmission since before MS-Dos and Windows were created, I've been part of the evolution from analog to digital systems and as late as two years ago I was directly involved in a ransomware attack on a local Creemore based business.
Because of a well informed management team with a high level of understanding of the potential dangers to their business, and some basic planning to minimise the impacts of malware and ransomware they were able to ward off an attack and be back to normal in less than 24 hours WITHOUT PAYING 1 CENT OF RANSOM, no overtime to staff and without losing any data.
With the two existing examples of the HACK of the clearviewclerk.ca website and the refusal of the CAO to do anything about the well known BROWSE ALOUD bug on the clearview.ca web site because I used more than 20 words to describe it to him, It is clear that at the CAO level there is neither an appreciation of the danger nor any understanding of the impacts on operations or the costs to taxpayers.
So with regard to the aspects of "Well informed management team" and "high level of understanding of the potential dangers to their business, I give a big NOT READY and I do not see, based on the responses of CAO Sage as listed above that this "attitudinal" process to dealing with data issues will change in the near future.
Why should residents care if the Township is "ready and able" to ward off a data attack?
The soon to be forthcoming experiences from Wasaga should be a good base for evaluating the impacts of ransomware on a municipality. On August 16, there is supposed to be a report identifying how their virus arrived and the path it took to bringing Wasaga "to its knees". Once that report comes out we will be very interested to see if the aspects of concern in our letter to council picked out any of the data infrastructure failures in Wasaga.
The highest risk factor for a virus or ransomware getting INTO a municipal system comes not from its use for municipal business but from allowing that infrastructure to be used for receiving PERSONAL emails, posting social media and accessing web sites.
There is a lot of technology (for example the registering of access to networks using a devices Mac address which only allows approved devices such a specific mobile phone or tablet to link into a network) that can be used to determine WHO gets to access and use the municipal infrastructure. Inside the building, computers/terminals that access the corporate network should be hard-wired and the use of wireless networks should be extremely limited and then only by Mac addressed approval.
Plain common sense determines that business networks should not used for access to personal emails, social media or web sites.
From the frequency and time of posts to a number of "personal social media sites" in use by some of the staff at Clearview, it's pretty obvious that a lot of personal posting and reading is taking place during business hours using the Township systems and ON THE TAXPAYER DIME!
If a staff member wants to access their personal data sources it should be from their own phone or tablet using a data plan which they pay for, and which has NO CONNECTION to the municipal infrastructure being paid for with OUR tax dollars AND ON THEIR OWN TIME.
Some basic virus and malware checking software can put a hold on, or stop, simpler forms of threats but when it comes down to ransomware, there is much more needed to ensure that IF an attack takes place and data is damaged, that the municipality has put in place a comprehensive and timely backup system that is impervious to the threat (i.e. Off line and air gapped from the network).
Only time will tell if Clearview gets attacked, how they respond and what any successful attack and mediation will cost taxpayers. The Acrobat accessible documents that were provided to council list more concerns and "solutions", just click on the Acrobat button in the header of this page to download your copy.
Personally, since council has been made aware of the realities of a ransomware attack through my submission to them, if they have not used that information to ensure that all of my individual suggestions towards minimizing access and damage have been implemented by staff then both staff and each individual councillors should be held PERSONALLY LIABLE for the total costs of any remediation!