City of Groveland Minutes City Council Workshop Monday, June 02, 2025 The Groveland City Council held a workshop on Monday, June 02, 2025 in the E.L. Puryear Building located at 243 S. Lake Avenue, Groveland, FL 34736. Mayor Keith Keogh called the meeting to order at 6:15 p.m. with the following members present: Vice Mayor Barbara Gaines, Council Members Amy Jo Carroll, Judith Fike and Mike Radzik. City officials present were City Manager Mike Hein, City Clerk Virginia Wright, Sergeant-At-Arms Lt. Christine Boodhoo and City Attorney Anita Geraci-Carver. As an alternate option, the public was provided the opportunity to attend the June 2, 2025 City Council Workshop virtually in listen/watch mode only. A public notice with instructions to participate was posted to the City's website under "public notices" at www.aroveland-.gov. and in the display board at City Hall. 1. Innovation & Technology Department Overview & Budget IT Department Director James Foran provided a presentation as outlined below and attached to these minutes as Attachment 1. Budget Analyst April Allman provided an overview of the IT Department budget. Innovation & Technology Budget FY26 changes.ighlights FY202502925 Capital Requests Where We Are Now - Summary of October 2023 to Present FY23-24 Network Assessment Network Infrastructure Timeline 2024 - Critical IT Vulnerabilities Exposed 2025 = Infrastructure Recovery & Cyber Resilience Despite significant achievements, several critical components remain incomplete or transitional: Domain & Access Control = in progress, Office 356 Mitigation = planned, Network Monitoring = pilot phase, Logging Infrastructure - incomplete, Fiber Network Expansion = partially utilized, Virtualization Strategy = transition ongoing. Cyber Security National Threats, Local Risks FBI Cybercrime Trend (2022-2024) FBI Releases Annual Internet Crime Report The most targeted governmental facilities by ransomware attacks in recent years include: State & Local Government Agencies Federal Law Enforcement Agencies Educational Institutions Why This Matters for Groveland: National Threats Meet Local Vulnerabilities 1 JUNE 2, 2025 CITY COUNCIL WORKSHOP MINUTES Why Preparedness and Resilience Matter How We Are Responding Infrastructure Modernization Security & Compliance Staff Resources Justification for funding: Disaster Recovery Site Why Its Urgent What It Will Achieve How It Will Work Investment & Impact First-Year Investment Potential Cost Avoidance Recommendation: Approve Capital Funding in FY2025-2026 State of the Department o 4 Staff Members and 2 Leaders responsible for: 4.5 FTE covering 19 locations Supporting 1,600+ devices and 187 users Maintaining compliance with CJIS, PCI-DDS, HIPAA Handling helpdesk tickets, public safety systems, A/V for meetings, and public records Attempting to advance projects amid continuous service calls Minimal staff redundancy and limited succession planning Technology Above the Waterline Technology Below the Waterline O Campus Edge Security ) Cyber-security Network Infrastructure Present Organizational Chart - 4.5 FTE o Director of IT Deputy Director Technical Service Administrator ) Help Desk FTE Help Desk FTE Help Desk FTE The Cost of Inaction ) Reevaluating IT Leadership Resource Allocation Executive Summary IT Director - Role Overview Primary Responsibilities Not Designed For: Current Misalignment Impact: Strategic Opportunity Costs Financial Inefficiency 2 JUNE 2, 2025 CITY COUNCIL WORKSHOP MINUTES Operational Risks Team Development Concerns Proposed Path Forward Recommendation Proposed Organizational Chart Director IT Deputy IT Director Technical Services Administrator Technical Services Supervisor ) Network & Systems Analyst Help Desk FTE Help Desk FTE Help Desk FTE Value from Investment Looking Ahead: Vision & Value Our 24-Month Vision Our Promise Council Member Carroll referenced slide two (2) of the presentation. She asked for clarification on the end-of-life replacement for police mobile computers. Mr. Foran reported there was currently no end-of-life cycle refresh. All of the computers were running on Windows 10, which was no longer supported. Council Member Carroll inquired as to what is the typical computer life cycle. Mr. Foran stated he would like to refresh computers every four (4) to five (5) years. However, the reality is typically five (5) to six (6) years. Council Member Radzik provided a real-life example of risks that were faced with his previous organization. The company was forced to shut down for approximately a month, wipe everything clean, and completely start over. Council Member Radzik asked what are the choices for manageable and affordable disaster recovery. Mr. Foran stated the plan he was currently moving forward with would be the most economical. It consists of approximately six hundred and ninety- five thousand dollars ($695,000) in hardware to duplicate what was being utilized locally for the next five (5) years. Council Member Radzik stated he felt IT was the backbone of the City. He acknowledged the request for two (2) new FTES to free up Mr. Foran's time. Council Member Radzik asked City Manager Hein how many new positions Council had been made aware of through the budget process. City Manager Hein reported moving the part time lien search position from Code Enforcement to the Clerk's Office. As well as adding a code enforcement officer and police positions. Council Member Radzik stated if adding the positions is feasible, then it should be done. Council Member Fike inquired as to where Clermont and Mascotte held their disaster recovery sites and what their IT department staff looked like. Mr. Foran reported he had not had the time to meet with the cities directly and was unsure of their disaster recovery plan. He noted it would not be surprising if the cities did not have a recovery plan. 3 JUNE 2, 2025 CITY COUNCIL WORKSHOP MINUTES Vice Mayor Gaines felt the IT department was an unsung hero of the City and thanked Mr. Foran for his in-depth presentation. Mayor Keogh referenced slide two (2) of the presentation. He noted there were no grants received this year and asked if there was a reason why. Mr. Foran reported the City was a recipient of the Cyber Security Grant through Florida Digital Services, two (2) years in a row. However, as of today there is no year three (3) available. Mr. Foran noted some of the budget increase was due to making up for the loss of grant funds. This included a decision to cut one of the programs. Mayor Keogh asked if Mr. Foran was comfortable with the City's disaster recovery being in Tallahassee, Florida, with possible hurricanes. Mr. Foran stated there was a typical rule of thumb for the disaster recovery center to be at least one hundred and twenty-five (125) miles away. However, he stated he would need to do further research to provide a definitive answer. Mayor Keogh asked Mr. Foran to investigate what the return on investment would be if the IT Department was given all the technological tools needed to be more efficient, such as Artificial Intelligence (AI). Mr. Foran reported that the department was currently examining the current systems and operations of other departments to ensure efficiency. Mayor Keogh inquired how much it takes for the City to secure the 911 facility; is it a large dollar amount. Mr. Foran stated no, as it is currently under the same footprint as the City has for the police department. There are a lot of additional man hours involved; Lake County for example, is responsible for 911. However, basically when there is an issue, the County contacts the IT and IT handles the issue. Mr. Foran reported there is additional service IT does the City's firewalls, a lot of connectivity. We pay several circuits to connect to Lake County which are a bit expensive, such as radio control system and things of this nature. Mr. Foran noted as far as the firewalls, etc. this is under the IT Department's umbrella of current security. ADJOURNMENT Mayor Keogh adjourned the workshop at 7:02 p.m. Groveland RIDA Ciryih Nne nmich Kéith Keogh, Mayor 0/ CIAA Attest: Virginia/Wright, City Clerk 4 Innovation Groveland and FLORIDA Technology City with Natural Charm James Foran, Director Innovation & Technology Budget 2024-2025 2022-2023 2023-2024 2024-2025 YTD Activity 2025-2026 Budget Budget Total Activity Total Activity Current Budget Thru April Proposed Budget Change $ Change % Personnel Services $ 356,660 $ 349,863 $ 443,900 $ 231,949 $ 446,500 $ 2,600 0.59% Operating Expenses $ 830,208 $ 626,391 $ 1,223,543 $ 682,750 $ 1,526,100 $ 302,557 24.73% Capital Outlay $ 262,404 $ 904,706 $ 578,957 $ 119,673 $ 1,113,200 $ 534,243 92.28% Debt Service $ $ $ $ $ $ N/A Grants & Aids $ 32,131 $ 96,392 $ $ $ $ N/A Innovation & Technology Total: $ 1,481,403 $ 1,977,353 $ 2,246,400 $ 1,034,371 $ 3,085,800 $ 839,400 117.59% FY 26 Changes/Highlights FY 26 Changes/Highlights 2.6k increase in personnel services reflects 534.243k increase in capital outlay is baseline salaries with no change in staffing attributed to a rise in capital requests. level, no increase in workers' compensation and a 10% estimated increase in benefits. 302.557k increase in operating expenses is attributed to IT supplies and subscription- based software. 2 Innovation & Technology Budget FY 2025-2026 Capital Requests Laptop Refresh for End-of-Life Equipment - $18,000 Workstation Refresh for End-of-Life Equipment - $32,000 Replacement Equipment & Parts - $64,500 City-Wide CCTV - $65,000 Replace End-of-Life Fire Department Mobile Data Units - $35,000 New Fire Department Station - $57,400 Police In Car Printer Replacement - $5,500 Police Docking Stations - $7,800 Antennas for Police Vehicles - $18,500 Remaining Road Patrol Laptops - $30,000 Replace End-of-Life Police Mobile Computers - $85,200 Disaster Recovery Site for Police and City Networks - $694,300 - 3 Where We Are Now Summary of October 2023 to Present. FY23-24 Network Assessment On March 7th, 9 2024, I - Completed a Network Assessment which thoroughly evaluated the city's IT environment, highlighting critical vulnerabilities and offering strategic ecommendations to modernize and secure infrastructure. The assessment covered hardware, software, security protocols, networking components, and physical security across various city facilities. In total, 29 distinct deficiencies were identified, spanning cybersecurity compliance, nardware/software misconfigurations, licensing lapses, physical security oversights, and operational inefficiencies. These issues collectively represent serious risks to the City's digital assets, legal compliance, and service continuity. 2024 - Critical IT 2025 - Infrastructure Vulnerabilities Exposed Recovery & Cyber Resilience Outdated and unmanaged security devices Enforced security policies with CJIS,NIST, Insecure, disorganized server rooms and Florida DMSalignment Network and network closets Migrated mail domainto GOV 0365 Tenant No monitoring of network devices or logs with MFA and device control Infrastructure Missing network documentation and Deployed centralized monitoring and asset tracking asset managementtools Timeline Patch management inconsistencies Upgraded firewalis, switches, and Active Directory mismanagement endpoint protection le-g. co-mingled domains, obsolete accoun Standardizedi help desk, training, and No MFA, endpoint protection fragmented documentation Limited coverage of new CVEs left unremeg Planned Disaster Recovery Site to protect critical services Intatedjoundationloverhaulfystens, policies, and compliance practices Rebullding trust andcyber/ellence across all City systems Despite significant achievements, several critical components remain incomplete or transitional: Area Status Strategic Priority Domain & Access Control In Progress High Office 365 Migration Planned High Network Monitoring Pilot Phase High Logging Infrastructure Incomplete High Fiber Network Expansion Partially Utilized Medium Virtualization Strategy Transition Ongoing Medium : FAOS CYBER SECURITY PRA G) 25w9 EE 8 o EE CARLAN 6 D0-0 Application Information Network Operational Encryption Access control End-usere education Disaster recovery Application Information Network Ops Encryption Access Control Palo Alto Xpanse CJIS NGFW City Cluster Data MFA Compliance Palo Alto Virtualization Encrypted at ClearPass rest a PANORAMA PCII 802.1x PD Cluster Palo Alto 802.1x switching Virtualization 'always on" Authentication VPN Certificate Authorities Cortex XDR Information 802.1x7 TAA Unified Latest Secured Sharing and compliant monitoring and Encryption Network Automated Wi-Fi protection Ciphers Cabinets Threat updates National Threats, Local Risks FBI Internet Crime Report 2024 FBI Cybercrime Trend (2022-2024) Total Reported Ransomware Ransomware Losses Year Total Complaints Losses (USD) Complaints (USD) 2022 800,944 10.3 Billion 2,385 34.3 Billion 2023 880,418 12.5 Billion 2,800 60 Billion 2024 859,532 16.6 Billion 3,052 FBI Releases Annual Internet Crime Report The top three cyber crimes, by number of complaints reported by victims in 2024, were phishing/spoofing, extortion, and personal data breaches. Victims of investment fraud, specifically those involving cryptocurrency, reported the most losses-totaling over $6.5 billion. According to the 2024 report, the most complaints were received from California, Texas, and Florida. As a group, people over the age of 60 suffered the most losses at nearly $5 billion and submitted the greatest number of complaints. The most targeted government facilities by ransomware attacks in recent years include: State and Local Government Agencies: These entities are frequently targeted due to their often-limited cybersecurity resources and the critical nature of their services. FederalLaw Enforcement Agencies: Agencies suchas the U.S. Marshals Service have experienced ransomware attacks, compromising sensitive data and disrupting operations. Educational Institutions: Public schools and universities, which often fall under government oversight, have been victims ofransomware attacks, leading to significant data breaches and peratonalchallenges. These attacks underscore the importance of robust cybersecurity measures across alllevels of government to protect sensitive information and maintain essential services. Why This Matters for Groveland: National Threats Meet Local Vulnerabilities National Trends: The Escalating Threat As highlighted in recent FBI Internet Crime Reports, ransomware continues to be the most prevalent and damaging form of cyberattack against U.S. government entities. In 2024 alone: Ransomware incidents targeting government and public safety infrastructure rose by 9%. Attacks exploited end-of-life systems, weak endpoint protection, poor patching practices, and a lack of multi-factor authentication (MFA). Common vunerabiuties include unmonitored devices, inconsistent domain management, and inadequate disaster recovery, all of which are present in Groveland's environment Why Preparedness and Resilience Matter Cyberattacks are not speculative risks-they are inevitable and escalating. The operational and reputational costs of an attack are significant: Disruption to public safety communications and 911 response Exposure of criminal justice information (CJIS) or personal data Downtime of mission-critical services across City departments Risk of non-compliance with state and federal mandates, including FIPS- 140-2, CJIS, HIPAA, and PCI-DSS HOW WERE RESPONDING NFRASTRUCIURE SECURITY & STAFF MODERNIZATION COMPLIANCE RESOURCES . Upgraded firewalls Enforced security policies Expanded support team and switches Began migration to GOV 0385 from 4.5 FTE to 6.5 FTE Server networkrefresh Deployed asset management . Providing resources for Planned Disaster tools 19 City locations Recovery Site Created separate secure domains Standardized help desk and training e M L - 8 SaNess CYBER SECURITY RREN a o 3@ 8 : E O o EE 0-0H0 Application Information Network Operational Encryption Access contrl End-user education Disasterr recovery e R 1 FY26 CYBER SECURITY PRAPRANF a o & CaPlial 6 A o E 6 000 Application Information Network Operational Encryption Access control End-user education Disaster recovery Justification for funding: Disaster Recovery Site Why It's Urgent Groveland's digital infrastructure faces growing risks from: Natural Disasters: hurricanes, floods, fires Cyber Threats: ransomware, breaches, data loss Infrastructure Failures: power outages, HVAC failures, aging data center hardware ! No DR site currently exists, leaving the city vulnerable to prolonged service outages, legal exposure, and compuance violations What It Will Achieve Ensure continuity of essential services Meet CJIS, FEMA, NIST, and Florida DMS compliance standards Reduce data loss (RPO S 4 hrs) and downtime (RTO 5 24 hrs) Bolster public confidence in Groveland's digital resiuence How It Will Work Hybrid DR Architecture V Combines regional colocation and cloud redundancy V Protects citywide systems, including Police infrastructure Justification for funding: Disaster Recovery Site Investment & Impact First-Year Investment: Component City Police Servers, Firewalls, SAN, Virtualization $335,630 $358,670 Total First-Year Investment $694,300 Annual Recurring $44K-$49K Potential Cost Avoidance: Recommendation $15K-$25K/day in operational loss Approve capital funding in FY2025-2026 $150K-$250K+ per cyberattack event This project ensures Groveland's IT environment is secure, Priceless public trust and legal shielding compliant, and ready for the future- delivering long-term savings and citywide continuity. State of the Department (4) staff members and (2) leaders responsible for: 4.5 FTE covering 19 locations Supporting 1,600+ devices and 187 users Maintaining compliance with CJIS, PCI-DSS, HIPAA Handling helpdesk tickets, public safety systems, A/V for meetings, and public records Attempting to advance projects amid continuous service calls Minimal staff redundancy and limited succession planning Above the Waterline Technology NFOGRAP HIC Technology PC's/ Phones I Cellular - So much more than meets the eye Emall VOIP I Documents Printers Cameras /WIFI - Security Intemet of Things Bel low the Waterline Technology Servers Campus Edge Active Directory Security File Sharing Services DNS DCHP Next Gen Firewalls V Backup Site to Site VPN MFA Anti Virus SPAM End Point Protection Cyber-security Zero-Day exploits Network Infrastructure External Attacks Insider Threats Routers Malware Switches Corp Account Fiber Optics Takeover NAS / SANS Spam & Phishing Present Director Innovation & Technology Organizational Chart 4.5FTE y Deputy Director Innovation & Technology V Technical Services Help Desk FTE Help Desk FTE Desk PTE Administrator Help Total present cost for employees-Wages/FICA/Retirement + Benefits: $443,900 The Cost of Inaction Reevaluating IT Leadership Resource Allocation Executive Summary The IT Director Is currently performing duties of: Network Administrator Level 3 Technical . Support This practice reduces organizational efficiency and strategic output. A reallocation of responsibilities is critical for long-term success. IT Director = Role Overview The director's time is dominated by tacticaloperations. Primary Responsibilties: Strategic technology planning Governance and policy enforcement Budgeting and resource allocation Cybersecurity oversight Vendor and stakeholder management Not Designed For: Routine support tickets Hardware troubleshooting System patching and configuration Current Misalignment Task Type Current Owner Ideal Owner Switch Configuration IT Director Network Admin Email Escalation Issues IT Director Level 2/3 Support Backup Monitoring IT Director Infrastructure Lead Vendor Research IT Director ProcurementAnalyst Impact: Strategic Opportunity Cost Lost Opportunities: Long-term project planning Security posture assessment Innovation and modernization Proactive risk management Result: The organization remains reactive, not proactive. Financial Inefficiency Role Average Salary Task Type IT Director $130,000+ Strategic Network Admin $75,000 Technical Support Technician $60,000 Operational We are effectively paying twice as much for work that can be done at a lower cost. Operational Risks Single Point of Failure: Too much institutional knowledge is isolated in one person. Burnout & Attrition: Constant multitasking at multiple levels is unsustainable. Audit & Compliance Gaps: Separation of duties is weakened. Team Development Concerns Junior staff lack growth due to over-reliance on the director. Low engagement if high-skill tasks are never delegated. No succession planning or knowledge transfer. Proposed Path Forward Recommendation Adopt proposed reorganization to 6.5 FTE Promote two of ourteam to new roles of "Technical Support Supervisor" and "Network & Systems analyst" Hire two replacement FTE for Technical Support role. Let the IT Director & Deputy focus on leadership, innovation, and risk mitigation "Great leaders don't do all the work; they build systems and teams that do." Director Innovation & Proposed Technology Organizational Chart 6.5FTE Deputy Director Innovation & Technology * Technical Services Technicnal Support Network & Systems Administrator Supervisor Analyst Promoting From Within Strengthens The Team and Recognizes Employee's Commitment to Growth Help Desk FTE Help Desk FTE Help Desk PTE Total proposed cost for employees-WagesFFICA/Retirement + Benefits: $623,570 Value from Investment Adds key roles to relieve tactical burden Promotes from within to strengthen culture Establishes leadership bandwidth for innovation, compliance, and resilience Long-term cost avoidance cyDerattacks, outages, fines, and lost public trust Looking Ahead: Vision & Value Our 24-Month Vision Strategic leadership focused on modernization Fully staffed and skilled technical support Documented, resilient IT infrastructure Disaster recovery ready, audit-ready, future-ready Confident, secure, and supported user community Our Promise Uptime - AlL systems are monitored 24x7 to ensure stability, A unplanned downtime is minimized, planned downtime is coordinated with the business in advance OPERATE Capital Projects - AlL capital projects are planned, managed, and implemented according to best practice, done on time, and under budget AND in that order! Premier Support - Help end users with any break fix issues, moves, adds, and changes, knowledge transfer (how-to) while ensuring the technology team documents and communicates all processes within ensuring stability, continuity and efficiency both within the technology team and throughout the employee community. Network Standards - Backup, DR, Risk Control, Security, and Compliance - AlL systems are backed up, restores are tested, there IS a rehearsed disaster recovery plan, IT security best practices, CJIS and PCI compliance. Awareness Training - Ensure employees and IT Staff have the training they need to use our systems securely