Answers #1-7: Midland Election 2018

- ransomware cyber-security preparedness security Information Technology offloading due diligence

Answers #1-7

The Question

How do intend to respond to the consequences of the ransomware attack and/or applicable staff’s preparedness (or lack thereof) to such attack, and how do you intend to ensure staff ensure this does not happen again, and do you consider it adequate and/or desirable to offload IT and/or network to the County, and why?

Carole McGinn (Nicols) – Wednesday, September 19th 2018

I am not an IT tech or security specialist. I must admit that. It should never have happened even in the process of having an insurance company in actively doing an audit. We not you but WE all should never have been put at risk like this. There were and always have been other, safer solutions. This was a preventable and hard lesson learned. I don’t think any of us have all the information yet. At this point I don’t know exactly how much ransom was paid. If it was or was not suggested be paid. What stage the insurance company was at and if they covered any losses. It did highlight that we need to back up data more effectively and stay current. I don’t know enough about the county in regards to its security and the practice of offloading to them. I never thought after Wasaga that we would suffer the same situation and after knowing we had a problem or risk to fix. How to move forward? More clear and honest information be shared with the public. Future, have the best security possible in place at all times. Back up regularly. It may seem like I am simplifying my answer, I don’t mean to appear unconcerned or “simple” ; I simply am not well versed in this area. If anyone person or portion of staffing is responsible for not having the safety measures in place and knowingly put everyone at risk then they need to be held accountable and possibly released from employment. If it was an unreasonable delay from council then they need to take ownership and be held accountable. Simply put, it should not have happened.

Jonathan Reid – Friday, September 21st 2018

It is a fact that this happens all the time, there is nothing you can do that is 100%. People live and learn and I believe the town of Midland and us a as residents have learned a lot about this attack. If someone has their mind set on something and they have the knowledge skills and want to do it is my experience it will more than likely happen. I believe in taking reasonable steps to ensure the safety of our information, but to what end, seriously, I have worked with the town and am sure they are doing what they feel is adequate to protect our information and will make any necessary reasonable changes so this hopefully doesn’t happen again.

Bill Gordon – Saturday, September 22nd 2018

I have been rather outspoken on this issue since I know it was preventable and that the Town had clear warning from both myself and the chief of police long before the attack. They had the hardware to prevent it and two years of foreknowledge that their IT systems were weak and vulnerable. My position is well documented on CTV and on Simcoe.com and I will push for full disclosure of what went wrong and what steps we have taken to protect the town’s data systems moving forward. My expertise includes network and data security and I will work with administration to ensure that adequate and effective policy and oversight is in place to avoid a repeat of this kind of data breach.

Answered on Bill Gordon’s Website: Q & A Time With Voters – Volume 2.

Cher Cunningham – Monday, September 24 2018

That the town was behind in their IT implementation (and other glaring concerns) has been obvious since the Service Delivery Review and was also addressed in the Midland Forward strategy of John Skorobohacz. The timing was unfortunate as a month from now, the IT security would have been installed and may have blocked the attack. Cloud computing is very secure and working with the county, provided it does not limit our IT options, makes a great deal of sense provided local staff are involved and responsible for this service. We have a co-operative relationship with County on many services some of which work better than others.

Stewart Strathearn – Monday, September 24 2018

Requested that due to time constraints that I point to his website: Elect Stewart Strathearn for Mayor — and noted that he asks constituents use a contact method listed on that site, or on the Town website, or otherwise public, to ask him the questions they have in person, if the website proves insufficient — after helping me with a council matter, and having a wide-ranging discussion.

Jonathan Main – Tuesday, September 25 2018

Once this has been fully resolved, there should be a full report outlining what happened and next steps.

Elliot Sheaves – Tuesday, September 25 2018

Prefers to answer questions in person due to the ways in which written answers can be taken the wrong way. He met with me in person and we had a very long and informative discussion. He also said he welcomes one-on-one with any constituent who would like to know what he thinks on any issue. He has also launched Vote Elliot Sheaves.

Candidates who have not (yet) responded

Notes on the Answers

Answers in ‘normal text’ are the candidate’s written response and are taken verbatim. I use italics for my words such as summaries of verbal responses and/or pointing to websites at the request of the candidate.