By Andrew Merkle
Ingham County Chronicle Staff Reporter
According to the Ingham County Innovation and Technology Department (IT), applications that the county website (ingham.org) uses lack security.
Vince Foess, interim IT director, recently presented this information to the County Services Committee.
When asked by Chairperson Deb Nolan about the urgency of the issue, Foess told the committee that the issue is extremely urgent, adding that there is a dangerous number of security risks facing the county’s website.
“There is zero security on the back end,” Foess said. “Personal information and Social Security numbers are exposed to anyone in the world. These applications are web-based and are not coded with security.”
To make matters more urgent, IT does not have anyone on staff who can do the work necessary to solve the security risks, and an outside consultant will have to be used.
However, Commissioner Victor Celentino thinks it’d be best to have another pair of eyes assess the situation.
“If a new director of IT is hired soon, that individual can look at the issue and refer their assessment to the committee,” Celentino said.
While IT does not have anyone on its staff who can fix the problems, Becky Bennett, Board Coordinator, has done web development in the past.
“(Purchasing Assistant) Julie (Buckmaster) and I put the ethics policy on the website,” Bennett said.
This work would not be enough to rule out going to an outside source to complete the work that is now required.
After Bennett asked if the issues were through the ingham.org webpage, Foess clarified to the committee that there is no problem with the webpage itself; rather, the problems originate from applications built and used by the webpage, such as the PARSAR system.
The PARSAR system, according to Foess, tracks employee action on the website. These actions include the hiring of new employees and getting new hires network access. These are things that could lead to the exposure of valuable personal information.
The lack of security is not a new problem for the department.
“This has been a problem since I was hired in August 2014,” Foess said.
In fact, in November 2014, a resolution to authorize local vendor Dewpoint to propose a statement of work to the Board of Commissioners was introduced and subsequently approved by the board.
Dewpoint offered to do the work at a rate of $100 per hour for up to 300 hours of service, and the total cost of the service would not exceed $30,000. The money to pay for the service would be taken from the Innovation and Technology Department’s Network Maintenance Consultants Fund.