In the event of a cyber attack, Ohio officials want to be able to call on highly trained IT experts who can step in to help.
State lawmakers are now considering a bill that would require Ohio Secretary of State Frank LaRose to appoint a chief for information security, mandate county Boards of Elections conduct audits of election results, and require the governor create a civilian cyber security reserve force.
The Ohio Cyber Reserve would operate similar to the Ohio National Guard, available for activation in times of attack or crisis involving an election or other government functions. Trained experts would be available to help prevent cyber attacks too, LaRose said.
“These county boards of elections vary in their levels of sophistication. Some have full-time IT departments others are two or three people that work in the courthouse basement. So, it runs the gamut,” said LaRose, who supports Senate Bill 52.
Voting security is a top priority, especially after evidence emerged that cyber hackers linked to the Russian government tried to infiltrate American election infrastructure in 2016.
The bill calls for the reservists to be unpaid volunteers during training but paid when put into active duty — generally the same rates paid to officers and enlisted personnel in the Armed Forces.
Cyber reservists would be under the Ohio Adjutant General as a civilian force, not subject to deployment into military service by the federal government.
Reservists would be called into action in the event of an attack but also asked to work with local governments on best practices for cyber defense, LaRose said in testimony supporting the bill.
The bill is also backed by Major General John C. Harris, the Ohio Adjutant General. The guard has “cyber warriors” who bring expertise from their civilian jobs to their military service but “Ohio’s cyber experts are over missioned and understaffed,” Harris said in written testimony.
In January, the Ohio National Guard helped the city of Akron respond to a ransomeware attack.
“We under constant assault from cyber criminals. And Ohio is not immune,” Harris said.
He noted the Michigan and Wisconsin each established cyber reserves but with mixed results. Ohio’s plan would address those shortfalls, he said.
Harris estimated it would cost $3,000 a day to deploy a cyber response team, which is far less than the $4-million average cost of a data breach at a business.
Thank you for reading the Dayton Daily News and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.
Thank you for supporting in-depth local journalism with your subscription to the Dayton Daily News. Get more news when you want it with email newsletters just for subscribers. Sign up here.