Greater Harrisburg's Community Magazine

Report: Harrisburg’s IT system riddled with risks.

As cyber security experts put it, becoming the target of a cybercrime or data disaster isn’t a question of “if,” but “when.”

That was one of the messages for Harrisburg city officials in a new Harrisburg University report, which assessed the city government’s aging IT infrastructure and its ability to respond to cyber attacks, natural disasters and even simple records requests.

Researchers said that, while Harrisburg has taken important steps to modernize its IT resources in the past several years, there remain many risks and shortcomings in the city’s current systems.

“The current course is untenable,” researchers wrote. “It’s only a matter of time until some event causes a major impact to the city’s IT services.”

Without safeguards, that event could bring serious costs for the city and its taxpayers.

Most of Harrisburg’s applications run on an aging mainframe connected to an independent internet network. Any disruption could obstruct the city’s access to its insurance claims system, police field reports, billing systems for real estate taxes, and the software it uses to issue codes licenses, permits and health inspection records.

Harrisburg expects to modernize its mainframe in 2020—a project that could carry a $2 million price tag, according to 2017 budget documents.

But right now, scads of data are stored on a mainframe server at city hall. That leaves the city at huge risk in the event of a disaster, researchers said, since there’s no off-site backup.

“It’s no exaggeration to say that, without IT, lines of business across the city would grind to a halt,” the report reads. “Unfortunately, this potentially disastrous situation is a real risk.”

The report pointed out that the city’s mainframe server is located in a flood plain and connected to a 31-year-old power supply. Also, the onsite generator for the city government building isn’t tested on a regular basis.

Those factors alone could jeopardize the integrity of city applications and data in the event of a natural disaster. But since the city hasn’t adopted a disaster recovery plan, employees have no clear course of action in the aftermath of an emergency.

Harrisburg is also at risk for cyber attacks, which researchers say are affecting municipal governments with increasing frequency. TheBurg reported in April that Harrisburg does not have a formal cyber-security policy or a written strategy to recover from breaches.

Following publication of the HU report in November, Mayor Eric Papenfuse has proposed allocating $700,000 in the city’s 2019 capital improvement plan to fund IT upgrades—double the amount forecast in long-term projections included in last year’s budget.

That budget includes a $235,000 allocation for a data redundancy system, along with $15,000 to store a duplicate data system at a secure, off-site location.

Papenfuse is also following a recommendation to hire a new GIS administrator. Departments across city government, including public works, crime analysis and engineering and planning, rely on GIS programs to build maps and visualizations. None of these systems are integrated, and their data is stored in multiple locations.

Researchers implored the city to simplify its mapping technology by transitioning to a single software platform and a central repository database.

The IT bureau will also use its 2019 budget to evaluate records management systems.

HU researchers recommended that Harrisburg centralize its records, which are currently scattered across many electronic and physical filing systems.

Not all of the city’s records are indexed or properly categorized, making their retrieval a tedious chore.

“Staff need to go from building to building, closet to closet, and box to box searching for information which already may have been discarded,” the report reads. “[This] has resulted in staff spending hours tracking down records when they could be allocating their time more appropriately to serve the citizens of Harrisburg.”

The lack of a centralized records system is particularly problematic for the city’s law bureau, which administers the Right to Know law. City Solicitor Neil Grover told researchers that his staff spends valuable time tracking down non-indexed records.

Since state laws govern the retention of municipal records, failure to procure one for an audit or records request could subject Harrisburg to fines and legal penalties.

The 44-page IT assessment report was jointly sponsored by Harrisburg University and the Commonwealth of Pennsylvania, Papenfuse said. It was compiled by IT professionals enrolled in an HU professional certificate program, including Harrisburg’s deputy director of IT, Eric Collins.

Papenfuse said that the city has commissioned other IT assessments in the past, which often recommended improving staff capacity. Since the city hired a deputy director last year, it’s now able to bolster its infrastructure with forward-thinking initiatives, he said.

City Council will hold public hearings on the 2019 proposed budget Dec. 11 and 12 at 5:30 p.m. in city hall.
