The Lorain County Board of Commissioners voted Dec. 19 to adopt a countywide cybersecurity plan and to appoint Todd Sharkey, the county IT director, as the county’s Chief Information Security Officer (CISO).

Commissioners said the plan is a response to recent state legislation and insurance requirements that make county officials responsible for coordinated cybersecurity oversight. The plan — described as roughly 150 pages by staff — was approved with the intent to centralize protection and reduce fragmentation across departments.

"Cybersecurity stuff is protected and is not public record," Todd Sharkey told the board, warning that publishing detailed information about internal systems could provide threat actors with actionable intelligence. Sharkey thanked internal teams and the county’s consultant, Converseent, for work during a prior breach that he said helped contain risk.

Board members praised the cross‑agency response during the year’s breach and said consolidating standards will help the county secure insurance coverage and meet new state expectations. Commissioners also noted that the county would not attempt to run other elected offices’ day‑to‑day IT operations but would provide standards and support.

The board recorded the appointment and adoption through routine motions; commissioners said the plan will be posted in limited form on the county website with sensitive portions withheld from public release in accordance with security best practices.

Officials said the new structure will allow the county to pursue uniform controls, incident response coordination and vendor management while keeping system‑level details confidential.