By Mike Kruzman / news@whmi.com


Livingston County officials are on the path to changing providers for cyber security enhancements.

The county has been using software from SolarWinds, a third party vendor that managed the servers of multiple federal agencies including the Department of Homeland Security that were hacked last year. The decision to use SolarWinds recently came under the scrutiny of the county’s former Chief Information Officer Rich Malewicz and the Livingston County Democratic Party. County Administrator Nathan Burd and current CIO Kristopher Tobbe have maintained that County data has remained secure, to their best knowledge. That being said, at the County General Government Committee meeting, Tuesday, Tobbe recommended changing to cyber security experts Palo Alto for expanded protection. Tobbe said this change was not the result of recent headlines, and have been on the books since the 2017 planning year and a focus of his efforts since taking over the office 9 months ago.

Tobbe made a recommendation to go with Palo Alto for services, saying they will up the County’s cyber defenses in an exponential way. Palo Alto will give them significantly more throughput and allow them to inspect traffic inside the network, including the ability to see what is going on through connected computers. He said Palo Alto constantly updates their codes and signatures to be up to date with zero-day threats and other anomalies, with the ability to push that adjusted code to County firewalls and end points for protection. Tobbe added that Palo Alto’s teams are constantly evaluating and threat hunting through the internet and dark web to stay ahead of cyber criminals that are trying to gain infiltration to company’s networks. He said that while you can’t possibly catch it all, this is what Palo Alto specializes in.

Not being able to “catch it all” gave Committee Chair Mitchell Zajak cause for concern, wondering who is on the hook for that and what is acceptable versus what is not. Palo Alto District Manager Allan Sumerfield said there can’t be absolute assurance that a system won’t be intruded on, but the adoption of their system greatly enhances the position the county is currently in. Tobbe said he is very confident in their ability to fight off cyber attacks.

The final price should the county enter the agreement would be $442,800, with the recommendation to spread it out over 3 years. A memo to committee members in their agenda packet shows that this negotiated this price is 47% off of the standard corporate rate and 35% of the governmental contract pricing.

Gaining unanimous approval from the General Government Committee, the recommendation will now go to the Finance Committee and then full Board for potential final approval.