No critical issues found in county’s cyber security

Craig Oliver, county IT director, and Laura Warnix, election administrator, go over the cyber security report issued to the county. Both told commissioners on Sept. 23, that the county had only minor problems that needed fixing.

BEEVILLE – The score may sound low, but the results of an extensive test of the county’s election and cyber security are generally good.

“We had received an overall score of a 0.86 when they did our survey,” said Laura Warnix, elections administrator. “They’re saying our goal should be around a 2.0. 

“But the great news was we rated above all the averages of the other counties that already had there’s done.”

Many of the issues are what most would consider minor — such as not having a cyber security committee or written policy.

One of the biggest – and one Warnix said she plans to fix quickly – is the addition of a keypad on the door to the ballot machine storage room.

“They are secured behind a locked door now,” she said. “But I want to put a coded locking system on that door that is an electronic record of how long people are in there. It will also have a camera that comes on when someone enters the room.”

The county no longer uses paper ballots, having switched to an all digital system.

This system, though, does not utilize the internet. All voting is retained with the standalone units.

But, the election office does utilize the county’s servers for other information which is why these systems are being tested.

The penetration test of the county’s security was done at the request of Warnix to the Secretary State, something that is now required for election security.

“It is because we use the county’s servers,” she said. 

Craig Oliver who heads the county’s IT department, said that the test took about a week “to evaluate the security of our network. 

“We passed, but there were specific items that they wanted to address or to improve.”

The overall: the county is secure.

“We scored higher than all the other counties who had been through the testing,” she said. “We didn’t have any issues that were critical.

“We had no phishing and no malware on our website.”

The newly formed cyber security committee will evaluate and make its recommendations to commissioners on what changes need to be implemented.

Access to this report, though, will remain out of public view, Warnix said, as it is deemed confidential information.

“Anything that’s in a security policy is not public information,” she said.

Jason Collins is the editor at the Bee-Picayune and can be reached at 343-5221, or at