In the latest issue of The Wright Toolbox:
- Baltimore County Year 2020 Comprehensive Zoning Process (CZMP) – read now
- Government Contractor Suspended After Data Breach – Insufficient Cyber Security Could Be The End Of Your Business – read now
Baltimore County Year 2020 Comprehensive Zoning Process (CZMP)
Every four years in Baltimore County property owners are eligible to request a change in zoning whether it is classified as residential, commercial, manufacturing or industrial. This is an important time for property or business owners who are looking to enhance the value of their property by changing its zoning to permit other acceptable uses. Property owners who believe that their property would have greater market value if it were zoned for other uses now have the chance to capitalize on that opportunity. Owners who want to convert residential property to permit business uses, to create greater density for development or who want to convert older unused buildings to permit manufacturing uses now have a limited window to pursue these possibilities. Importantly, even the County often uses this opportunity to attempt to “down zone” properties to allow a more restricted commercial use or a fewer number of houses to be developed.
By the same token, impacted property owners where a zoning change is sought should be aware of the process and their ability to obtain information and express their opinion in favor of or against changes which may impact them.
The process is basically as follows:
First, there is a public pre-filing online period (8/19-8/30/2019) for the general public to file zoning change requests. This allows public applicants to get an early start on the application process and early access to scheduling an appointment to map the issue from September 3 through October 15, 2019. From October 1 to October 30, 2019, the Baltimore County Planning Board and the Baltimore County Department of Planning can file an application for a zoning change. Finally, from November 1, 2019 to November 29, 2019, members of the Baltimore County Council can file an application. All filings for zoning changes must be completed by November 29, 2019.
Second, the Baltimore County Department of Planning reviews all filed zoning issues and each property owner impacted or adjacent to a zoning request is notified by mail and a sign is posted on the property. Preliminary recommendations by the County Planning office are published in a “log of issues” on the Baltimore County website.
Third, public hearings are scheduled and held before the Planning Board in March, 2020. The Planning Board holds work sessions in April open to the public, usually in local high schools, then votes and makes recommendations to the County Council. At these hearings, any interested citizen may speak on any of the zoning issues.
Fourth, public hearings are held beginning in June, 2020 before the Baltimore County Council. The final vote is held by the Baltimore County Council no later than September 16, 2020.
Now is the time to monitor and consider taking action. Baltimore County Planning Staff and County Council members are often willing to meet with individual property owners and community associations to discuss any re-zoning issues. It is important for your views and the views of your community to be made known to the Planning Office, Planning Board and County Council. It is recommended that you begin any inquiries regarding your property early in the process.
WCS can assist you with either filing a zoning change application, opposing or monitoring a zoning change application filed by others. Contact J. Neil Lanzi – firstname.lastname@example.org.
Government Contractor Suspended After Data Breach – Insufficient Cyber Security Could Be The End Of Your Business
It seems like every day we hear about another cyberattack or data breach. Of course, here in Baltimore we have all watched the whole Baltimore City ransomware attack drama play out. Cyberattacks are difficult for the company that is the subject of the attack from the perspective of repairing any damage to their systems, damage to their reputation, notifying appropriate parties, and improving security and implementing more stringent security measures. Such attacks are also difficult for parties whose information has been stolen and who now must deal with the impact of having their data exposed. But, what if you were a government contracting company and one of the results of a cyberattack included suspension or debarment of your ability to do business with the government? That could very well be the end of your business. Well, that scenario just recently played out against a long-time government contracting company that suffered a data breach while working for the U.S. Customs and Border Protection.
On July 2, 2019, Customs announced that it had suspended a contractor from doing business with the federal government as a result of a cyberattack that resulted in a large amount of sensitive information and data being posted on the internet. In its announcement of the suspension, Customs referred to “evidence of conduct indicating a lack of business honesty or integrity.” Customs also noted that the company’s transfer of data to its own network was in violation of Customs’ policies and was without Customs’ knowledge or approval. Customs further alleged that the contractor had failed to follow mandatory security procedures set forth in its contract with Customs.
According to the Washington Post (Drew Harwell – July 2, 2019) the attack was credited to a cybercriminal group that says it specializes in corporate hacks and extortion. A hacker with the group told the Washington Post that the group gained access to the contractor’s computer systems for four months and had demanded a ransom payment, but that the contractor “broke their side of the bargain.” The hackers posted internal company data including surveillance equipment schematics, sensitive contracting documents on contracts worth hundreds of millions of dollars, and details on the surveillance systems and procedures used at major ports of entry between the United States and Mexico.
Even though the contractor had worked with Customs for almost 30 years on border security and also had contracts with other government agencies including the DEA and the Department of Defense and even though Customs stated that none of its systems were compromised in the attack, the contractor now faces administrative proceedings to determine whether it should be debarred for an extended period from working for the federal government. It is also possible that a government contractor who suffers a data breach could be exposed to a False Claims Act suit if the contractor has falsely certified compliance with applicable cyber security requirements.
Federal and state governments are getting increasingly more serious about cyber security and protecting the government’s data with new laws and regulations being passed and amended seemingly every few months. Now more than ever it is critical that government contractors review their cybersecurity systems for compliance with all of the various laws, rules, regulations and agency procedures and protocols, including the terms and conditions of their own government contracts. Not just the prime contract with the government, but the terms and conditions that are required to be flowed down to lower tier subcontractors and vendors. When a data breach occurs, the government will more than likely investigate to see if the breached company was in compliance and what efforts were made regarding subcontractors’ security practices.
Keep in mind that cyber security doesn’t just mean security on computer systems, it also means actual physical security, locked doors, physically controlled access to servers and communication equipment, multi-factor identification access to systems, etc. All businesses must address the biggest threat to cyber security in the company—their own staff. Essential to fighting the battle against cyber-attacks are carefully crafted policies and practices required of all employees. The human element, which may intentionally access a system or negligently leave a door open to unwanted eyes, represents one of the biggest holes in a company’s preventive system.
All staff should be aware that the company does not own the data it possesses, be conscious of the privacy rights of the customers it serves and data it owns and be held accountable for ensuring protections are maintained. These simple concepts should be found in employee handbooks, employment agreements and in training provided by employers. Staff should also be aware of simple protections necessary to protect data such as complex passwords which are changed regularly and across multiple platforms and access points, the hazards of opening certain email or visiting various internet sites, and the dangers posed by disgruntled current and former employees. Most importantly, there needs to be an understanding by all staff of why access to the company’s network should be limited and why there needs to be clear limits to access the company’s systems using external hard drives and other personal devices.
Finally, a critical element to any cyber defense is making sure that the development of your cyber policy and its enforcement crosses multiple desks of responsibility in an organization and includes IT, human resources, compliance, records management, risk analysis, insurance and legal. Internal policies need to touch on the need for protection, obtain buy-in and compliance throughout the organization, and make sure that audits and tests of the security are regularly conducted and demonstrated.
As the recent suspension of a long-time government contractor has demonstrated, cyber security for government contractors is no longer an item on a long to-do list, it must be a central focus of your business, because the very continued existence of your business may be at risk. Contact the WCS government contract team for help with your cyber security compliance.
To browse past issues, visit The Wright Toolbox page.