The Akron Budget & Finance Committee introduced an ordinance to adopt the city’s cybersecurity program and policy and to authorize the chief technology manager to take action during cybersecurity or ransomware incidents, but members voted to take time and resume consideration next week.
City staff presented the ordinance as required under House Bill 96 and ORC 9.64. “When the state passed House Bill 96 ... it created ORC 9.64 in terms of cybersecurity requirements for local agencies,” Wheeler said, outlining three requirements: adopt a cybersecurity program, report incidents to the Ohio Cyber Intelligence Center and the auditor, and pass an ordinance to formalize the program.
Wheeler identified the staff designee as the chief technology manager, named in the transcript as Darren Ruzinick, and said that once the ordinance is in effect, future events would be delegated to that position. Councilwoman Linda Mobian asked for confirmation of the staff assignment: “You’ve identified a staff person who’ll be responsible for doing this?” Wheeler confirmed the chief technology manager would be the primary duty holder during an event.
Operational questions covered whether staff already have authority to act now and what the city’s routine device practices are. Wheeler said some provisions (training and parts of the timeline) are already in place and that the state required the city to adopt a program by Sept. 30; he said the city has conducted citywide training. On daily device practices, Wheeler said the city requests that devices on the network be shut down daily (logged out or restarted) but that phones are excluded.
Councilman Jeff Fusco asked for more time to review enforcement protocols and moved to refer the item for additional study, expressing concern that the community and council need clarity on enforcement and reporting before final passage. His motion for time was seconded and approved by voice vote.
What’s next: The committee will reconvene next week to continue consideration of the cybersecurity ordinance; staff emphasized the ordinance is drafted to comply with ORC 9.64 and to delegate incident response to the chief technology manager once adopted.