In partnership with
Jackson and German Townships and the Village of Farmersville are making final plans to comply with a new Ohio cybersecurity law that requires programs in place by July 1. Like all cities and counties, the City of Germantown was required to have its plan in place as of January 1 this year.
Ohio Cybersecurity Requirements
The state law, which went into effect in September, 2025, requires all "political subdivisions," meaning a county, township, municipal corporation, or other body responsible for governmental activities, to create a cybersecurity program. The program needs to meet state-approved technical frameworks.
The law includes three main elements:
1. Each political subdivision shall implement a basic cybersecurity program.
2. Political subdivisions must report cyber incidents to the Ohio Cyber Integration Center and the Auditor of State.
3. Political subdivisions must pass an authorizing resolution before paying a ransomware demand.
In case of Attack
The OhioCyber website says that upon discovering a cybersecurity incident or ransomware incident, the legislative authority of a political subdivision shall notify both:
The Executive Director of Ohio Homeland Security within the Ohio Department of Public Safety shall notify the Ohio Department of Public Safety as soon as possible, but not later than 7 days after discovering the incident.
The Ohio Auditor of State as soon as possible but not later than 30 days after discovering the incident.
According to the OhioCyber website, A political subdivision experiencing a ransomware incident shall not pay or otherwise comply with a ransom demand unless the political subdivision’s legislative authority formally approves the payment or compliance with the ransom demand in a resolution or ordinance that specifically states why the payment or compliance with the ransom demand is in the best interest of the political subdivision.
This means that Farmersville, Germantown, or the Townships would need a public meeting to authorize paying a ransomware demand.
Cybersecurity Program
The CyberOhio site says the program shall be consistent with generally accepted best practices for cybersecurity, such as the NIST Cybersecurity Framework and the CIS Controls. A cyber program may include, but is not limited to, the following components:
Identify and address the critical functions and cybersecurity risks of the political subdivision.
Identify the potential impacts of a cybersecurity breach.
Specify mechanisms to detect potential threats and cybersecurity events.
Specify procedures for the political subdivision to establish communication channels, analyze incidents, and take actions to contain cybersecurity incidents.
Establish procedures for the repair of infrastructure impacted by a cybersecurity incident and the maintenance of security after the incident.
Establish cybersecurity training requirements for all employees. The frequency, duration, and detail of which shall correspond to the duties of each employee.
Local Compliance
To ensure compliance with both the training and technical aspects needed for this law, local governments are looking at vendors to provide a complete solution.
NOTE: Due to the public records exemption for information around the cybersecurity plans and services for procurement, TWIN CREEK TIMES is not publishing the name of the vendor selected to preserve security. The name of this vendor was spoken during the public meetings and may show up in the meeting minutes.
Jackson Township - At its February meeting, Jackson Township Trustees voted to hire [Vendor X] to provide services that will comply with the cybersecurity law.
Fiscal officer Lisa Kozarec said in the meeting, “They're very impressive. They've been in business since 2013. He does a lot of local governments, including Springboro and Franklin. They're going to come in at $60 a computer, per month.”
“They basically put their protection on your computer, and then they monitor it 24/7. The service covers all of House Bill 96,” she added.
Village of Farmersville - The Village of Farmersville also voted to use [Vendor X] at its February meeting.
Fiscal officer Kelly Marascio provided an update to the Council, “So I reached out to Germantown, asked them what they did, and they referred me to [Vendor X]. It is $300 a month for five computers, because it means the plan will need to be monitored continuously.”
German Township - At its February meeting, German Township also discussed using [Vendor X], citing Germantown’s use and Jackson Township’s plans. Trustee Jake Stubbs said he wanted to first research the Ohio Cyber Range Institute, which offers free training.
The website says the organization, which is based at the University of Cincinnati, offers an educational program that guides Ohio local government entities through three cybersecurity preparedness levels. While the Ohio Cyber Range Institute offers extensive training, it appears to provide info for in-house IT teams to execute, and doesn’t offer the same out-of-the-box support that the other entities are hiring [Vendor X] to handle.
The Trustees tabled the issue, saying they may hold a special meeting to review vendors.
German Township also passed an ordinance to contract with Shoemaker Technology Group to upgrade its website to meet Department of Justice disability accessibility requirements.
Trustees mentioned in the meeting moving to a .gov domain, which is a security step the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have been recommending since 2024 due to the tighter restrictions on receiving those domains.
For more information on Ohio cybersecurity requirements, visit the OhioCyber site.
© 2026 Twin Creek Times
Men, Say Goodbye to Eyebags, Dark Spots & Wrinkles
Reduce eyebags, dark spots and wrinkles with the first of its kind anti-aging solution for men.
Based on advanced dermatological research, Particle Face Cream helps keep your skin healthy and youthful, ensuring you look and feel your best every day.
Get 20% off and free shipping now with the exclusive promo code BH20!