Controlling Board approves ODJFS cybersecurity assessment; members press for fiscal restraint
Summary
The Department of Job and Family Services won approval for $750,000 to conduct a cybersecurity risk analysis and recommendations, and authorization of up to $2.5 million in the following fiscal year to implement findings; senators sought clearer caps and a commitment to follow‑up reporting.
The State Controlling Board approved a two‑phase request from the Ohio Department of Job and Family Services to study and potentially upgrade cybersecurity protections for large agency programs.
Rachel Johansen, speaking for ODJFS, said the first phase is a $750,000 initial risk‑analysis assessment "and initial recommendations as well." She described the follow‑on amount in fiscal year 2027 as "up to $2,500,000," explaining that the figure is an estimate because the extent of needed work will depend on what the assessment finds. Johansen said the vendor selected has public‑ and private‑sector experience with risk analysis and mitigation.
Senators pressed the department on fiscal oversight and asked why the board should approve the ceiling before the assessment is complete. Senator Kahler registered concern that approving "up to $2.5 million" effectively provides a large open authorization without first seeing findings; Senator Kahler and others asked for interim reporting after phase one. Johansen responded that the department would provide updates after the assessment and that the $750,000 study is intended to produce a concrete game plan.
The board approved the item with a recorded objection from Senator Kahler.
Next steps: ODJFS will conduct the 6–8 week assessment, report findings to the board and, if needed, return to seek specific authority for implementation work beyond the initial assessment.
