all right the meeting to order call please here here notice this meeting was provided to the bville news and Courier News filed with the municipal clerk and posted on the municipal bulletin board on December 14th 2020 please stand for flag of the United statesis Justice for All welcome to the March 2024 meeting of the burville burrow Council this meeting is being conducted in person in the council chambers in burrow Hall and it is being broadcast Live on YouTube and on Zoom to make it as convenient as possible for residents to attend the meeting members of the public who are here in person and those attending remotely on Zoom will be given the opportunity to comment at appropriate times during the meeting in accordance with the following guidelines members of the public will be allowed to speak during during the open sessions and during formal public hearings on the agenda including public hearings on ordinances comments will be limited to three minutes per speaker which will be monitored and enforced by the B clerk comments containing offensive profane or indecent language or language constituting hate speech will not be permitted remote participants will be muted unless they are unmuted by the clerk and remote participants will not be able to unmute themselves the clerk will mute remote speakers at the expiration of the 3 minutes of a lot of time or if they make any inappropriate or offensive coms all speakers whether in person or on Zoom shall State their names and addresses before making their comments speakers on Zoom shall activate their cameras so that they can be seen by members of the governing body and the audience failure of the governing body to provide a live broadcast of this meeting or techn iCal problems encountered during the course of the meeting that affect her note viewing Andor participation will not invalidate this meeting or any action taken including but not limited to the adoption of in ordinance resolution or motion all right um first thing I have for presentations um I have a proclamation declaring this Casa month which is court appointed special Advocates if you're not familiar with them these are volunteers who get children who have been removed from their homes either because of A Dysfunctional Family an addiction problem and so they really support these children helping them transition into a foster home until whatever is going on is settled um they're amazing volunteers that give a lot of time and uh they just had a big fundraiser up at St John in the mountain uh it's a organization so I'm happy to acknowledge them for the month of April all right our second presentation I saw Greg come in there you are uh Somerset Hills baseball club netting project come on you just need to stand on the there wonderful can I pass along materials to council to it's okay okay well I just want to say thank you to Mayor the burough president and the rest of the council for the opportunity to uh discuss this initiative my name is Greg priz and I'm the president of Somerset Hills ball club uh been a board member uh for Somerset Hills ball Club formerly Somerset Hills L Le for the last 6 years a resident of Bernardsville uh for the last 11 years I live at for Hill Road um so this is something that U Somerset Hills ball Club has been contemplating uh as a 2024 priority um I think of in my mind what kind of prompted this and I remember distinctly a Saturday morning at kuas last year um a power hitting seventh grader on the major field hit a towering home run which sailed well be on the fence uh landed um in the miners Outfield and uh yeah obviously very exciting play um but uh it it it landed harmlessly in the grass um on the grounds of Kanas there were you know dozens of maybe even a 100 Spectators that were watching games of the snack check over on the tball field um but but that's just kind of one example of of of what I see is kind of in in you know a very unique and a special place that guanas is but how the fields are with home plate on one side home plate on on the other and then kind of coming into each other um with perhaps some some safety issues that that couldn't see as a result of that uh suers HS ball Club has uh taken on the initiative to to look at uh safety netting over the Outfield fence The Outfield fence is 200 ft on the Kanas Major Field uh in in distance from home plate and it's 4 feet high um over the left field fence and you can see it here in exhibit two uh is The quana Snack Shack and over the right field fence you can see an exhibit four is the t-ball field in right field and then the batting cages uh in in right center field so you get the picture you know kind of how the how the setup is um what we're looking to do is to to uh expand nettings um in total 16 ft from the ground so 12T above the 4ft fence uh along the perimeter of the Outfield from foul Pole to foul pole which would be 350 ft uh to solve this issue you know we have seventh graders we have 13y olds that are playing in the league now uh which is actually new as of as of a few years ago it's stopped at 12 um but uh I think you know there there's definitely the opportunity to hit one out but uh there's also unsuspecting you know Spectators that are there uh that that could unfortunately it hasn't happen and knock onun would but uh lead to something where a baseball would hit and and they're not seeing it so and even potentially even worse you know we have um 15 to 20 t-ball players in in right field uh right over the fence where that that could cause some issues so uh we're looking to address that and then also we lose many foul balls along the first base line and many foul balls out of Kanas along the third Bas line because the fences that go out of of Kus entirely are not far from the field apply those fences are 15 fet on each side in height and we're looking to expand netting an additional 15 ft so 30 ft in total on both sides 50 ft long um we uh reached out to and got and got quotes uh from from a few different vendors or top three that we looked at uh came back to us with kind of apples to apples uh quotes at the end of the day and the one that was most appealing to our board was solano's fence out of barefield and their total cost on it was $27,600 to remediate everything so so the entire Outfield in additional 12 ft and then first base and third base in additional 50 ft in length and 15 ft uh up um the other quotes that came back by comparison to that 27,200 uh were from a company York fence uh for $4,975 and Nets of America for $45,881 uh with uh with that being in play for uh for games uh moving forward great just one question yeah the uh we're about to um how easy is it to remove and like if you other improvements of the fields I know it only takes a few weeks to put off according to this but is it easy to sort of take down we have to do other improvements in the area like if we had if we had to take it like we had to do something larger in scale where yeah that doesn't necessarily affect that kind how permanent the structure not worry but just kind of um I don't I don't know about we haven't really inquired about the taking down aspect of it but it would I know I know that it would be up all year round I know that's been asked okay we wouldn't we wouldn't look to take it down in the winter it would stay up has a shelf life like of at least 10 years you know projected 10 to 10 to 12 years before potentially we need to replace the Ning um but if if need be we can you know we can certainly ask the uh you know contract we're looking at yeah not that I'm anticipating anything directly but like separately we're doing all this work on apoll grounds and we're going have structures going up and down and so I was just sort of wondering how how adaptable was sure okay all right any other questions comments one question sure is there a rule in your league as far as what kind of BS they can use there is yes uh we allow um we we do allow specific bats for certain divisions and in the major division which is using that field mostly um it's it's typically a USA baseball bat but we also allow for a certain BB core bat to get kind of technical so that that does have a little bit more pop to it uh and some of the kids will use that yes are we okay with this we okay on the funding so the timing the timing GRE and I were exchanging emails and they want it installed by April 13th the difficulty open yeah difficulty like I said email that they don't have Public Works registration certification so in order to do this right so Jack said it's fairly easy to get okay I just don't know how the timing is going to work and then the other thing is that Greg was saying he wanted Sommer Hill to be able to give a 50% deposit um to them we're not allowed to get deposits so I I'm not sure how we work that out that becomes yeah yeah the purchasing laws for New Jersey or they for Grand on the burrow okay there you brainstorm donations so I think that like I'm a little concerned about the April 13th I think that the first thing is that that you can see if they can obtain the public work I sent you the link yeah yeah it shows on there how to how to get so if they can get that um you know that's the first step okay and that could potentially be if they if they were to do it right away that could still take a little bit to be recognized that I don't um the other thing is I think bre is under impression we were doing resolution tonight but we don't we don't have the vend yeah I mean I supp you do resoltion but we have to get the money on the open space trust fund which requires an ordinance um so well it's the um why does it the ordance I was curious um told me the process here is open space open [Music] space that's I think that's acquisition yes even just for the um we we've done resolutions for smaller and even if you need I don't think it's a problem to do the resolution first but but the I mean I don't know that we we were prepared prepared to do today um yeah I think 20 so 27,200 is the total so 13 13 600 be 50% of that so then the you know on condition that they're able to get their certification and then I guess that how do you get around the deposit do they for their half and then we pay ours later sure that's fine we could go yeah so was saying she prefer the give money to us but is it okay to have them give the money directly to the vendor yeah because we're on we're yeah okay so as as they can go okay all right great yeah yeah let's their preferen we starting deposit so we need okay thank and just so everyone knows ni to mention but opening day is April 13 and we'll I'll be sure to remind you again but love everyone to come out and enjoy that Saturday all right thanks we have minutes to approv on February 20th and February 26th you have a motion I move I'll second all in favor all right uh we now have our first open session um before I open that I would like to just say that we are aware of the allegations that have been made concerning our administrator and you'll see later on the agenda that we are appointing an outside attorney to do uh an investigation so we will be having an investigation of the the claim um during the Open Session please we do not want to hear any more unfounded allegations because it's going to all be part of an ongoing investigation so any input that you have would go through the attorney um please remember that our open session is not time for debate or Q&A it's a time for you to make your comments to the Council on any subject you would like so um with anyone in on Zoom or in the public with wish to make a comment and if you're here you can uh step on the on the uh Chris on the Silver Cross thank you for your statement if it seems like I'm making any confounded allegations please tell me and I'll move on to the next points but I do have a response that follows on from my last appearance on Monday and I'll be quick our clock's running I'm Chris Amato of 21 Bodner street I'm a resident for 18 years and I've been the Bernardsville the bur IT specialist for 10 years I'm here tonight in response to a second rice notice and once again I want any complaint against me to be made in public not in a secret meeting I am proud of my performance and I have nothing to fear from a fair hearing I also have no reluctance to leave this position for another if I must and I renew my guarantee to provide for an orderly transition to my successor in any event I am here to resist what I have described as the same workplace pressure that has caused 11 or more respected co-workers in fine public servants to leave and take their talents elsewhere what's happened to me most recently is the following stop me at any point a favorable cyber security report was misinterpreted to justify a third- party report not shared with me that report was presented to you to justify a closed door meeting at which my continued employment was to be placed iny when I asked for that to be made public on last Monday on Tuesday I received a hair-raisingly inappropriate demand to immediately and insecurely transfer complete control of all burrow and police systems to the burrow administrator personally my attempt to seek guidance from the council and to do my job responsibly was then used to portray me apparently as an unreliable Road and to justify more harassment theater on my front porch which is how I character it uh where a dramatized and misguided but utterly ordinary request was delivered to me on my front porch by a police officer um that letter accused me of both refusing to yield highly sensitive credentials and of broadcasting these highly sensitive credentials to an inappropriate audience um and I was called on the carpet to Grant the burrow access to its own systems I quote the next day um despite having turned over these credentials the day before and despite still holding my normal responsibilities and fulfilling the best of my ability now I am in now I am in receipt of the cease and desist order and I've been issued another rice notice to show up tonight I don't know how this is reasonable behavior for competent management acting in good faith forgive me I have not received a single reprimand or negative performance review for nine years I was entrusted to set strategic goals manage major projects protect highly sensitive systems and make responsible choices every day if burough leadership really believed I was a risk to security at any point the only responsible thing to do would have been to engage a highly qualified and highly expensive consulting firm of forensic and Recovery experts they have wellestablished procedures to deal with such situations I did not speak up last week to preserved my employment I spoke up to preserve my self-respect I can get another job readily enough but I cannot get another Hometown right away and I will stop there if I am required to do how much more did you have a paragraph thank you um in the last few days I've been very grateful to be reminded how many friends I have in our town and how many friends are yet to be made when I start conversations like this one I believe that time energy and Goodwill rightly belonging to all of us have been squandered and spoiled that the Burrow's human talent pool has been drained and then poisoned that the most Junior and vulnerable of our public servants have suffered the most and then been blamed for their own pain and loss please set these distractions aside for now burough systems are safe and we know how to make them safer instead please renew your commitment to honest and transparent service in the interests of your fellow residents thank you for your com um Chris you give to cop for the comment I have other comments I will leave available I'm happy to address any questions you might have in my official capacity or as a private individual otherwise I will sit down right thank you thank you would anyone else in the public like to be heard just need to stand on the silver x on the floor see hi my name is and I'm from 27 Sterling my name is CH I'm the finance department and I've been here eight years I also um work here I'm the part-time taxor the assist to taxor uh this is Tiana aren she's also 27 Country Lane Sterling and she was a former employee here and these are one Hill employees did you want all of their names then only if they're gon to speak if they want to speak then yeah this is Don H Don Yuber the Fire official in the township of lville it's HB R Mark Andress o n d r i I am currently the code enforcement officer in Longville Township Deborah Co I'm the zoning officer and planning and zoning coordinator in Long Hill Township Marx so we are here just to support Nancy uh not only a boss in Long Hill but a couple of us here she was I was her confidential um assistant in Long Hill and we worked closely for several years when she left Long Hill we were devastated and we were the she's the only I think the first and only administrator ever out I think Mr can attest that um so we just wanted to say that Nancy Works structured above board and is always Pro she does the best to accommodate everyone and always she always has the employees best interest even if it's not popular yeah she's a good Advocate um and you may not see it on the outside she has a a solid structure but on the inside definitely employing marshmallow um K she was in employ here for a a month just a month yeah she did not leave because of Nancy um no I yeah Nancy actually so kindly did offer me um another position the different one than one I was doing but I on my own will step down just due to complications with another employee that think he's C yeah have anything not one not at all not at all reason something I've been here for eight years almost eight years and this place was in total turmoil when before she came everybody did their own thing nobody would listen to anything because the administrator just didn't care before an ancy so people would make their own hours they came whenever they felt like it left whenever they felt like they worked from home nobody ever answered the phones from home and it was just chaos and then us people who had to actually be at our station it wasn't fair to us but when Nancy came she put a stop to all of that and these people just didn't like happen to adhere to any kind of uh you know yeah so they decided that they were going to find a job where they could do what they wanted and they apparently did so they left but it was wasn't because of Nancy it was because she made sure everybody did their thing and I think it's just like a Hile situation at the moment and I think lastly I would just like to say that I work U like I said confidentially with Nancy for years in the other Town having done so one of our main things is cyber security to work for the gy to get all that Nancy always had secure logins and she had everything I had and the um Our IT person had she's the administrator it's important she needs to keep on top of that keep make sure we have read at the TP tier of our structure and make sure everyone is secure um so that to me is not that normal and I think that the charge words being used to describe her I think that is a strong um in my department that I worked in when I was here it was the zoning construction code enforcement department and everything um before Nancy took over as administrator I think I had heard that the previous administrator as you said back you said kind of let them do whatever they wanted and I heard that in that department that I had joined they had all shut down for one hour of lunch you can't get you couldn't get into anything at all for that one hour they decided to go to lunch they Clos off the whole thing locked it turn the livs off and that was one of the things that Nancy had said like okay we're not doing that anymore because we got to be at our desks and I guess just cuz it wasn't like a freefor all anymore that was oh yes I did I worked before berville as well so I had already know how like a well Machine looks like with her and I would like to see that you know anyone else that's not sry another three minutes that's not going to by three minutes right 3 minutes not a long time but I'll be quick thank you your honor I did make a copy of what I wrote and I'd like to provide to with permission and I will try to be brief I know I have three minutes so let me just Begin by saying thank you for the opportunity to come here tonight to speak on behalf with Nancy you know that's why we're here um I'm not a good cheerleader some people say I don't have the legs or the air for it but Nancy is the person in my view was worth cheering about uh little background and this is really why I wanted to speak um people wonder what makes me think I'm an expert and I'm not but I consider myself somewhat of an authority I've worked with Nancy for over 30 years we first worked together when she was a legislative Aid and executive assistant for New Jersey state assemblyman Alan augus of the 22nd legislative district in with Scotch Plains mountains side bwood Westfield uh we lost him too early he was a great guy and he ran a great office uh Nancy was his primary uh legis ative in fact his only one but she was tremendous she and I worked together on fire service legislation at the time I was a career fire chief I was also a legislative agent euphemism for lobbyist for the career Chiefs Association Nancy helped us put together very meaningful legislation that helped the public this is this is this the soul Nancy Mo serving people and I know this because I've worked with her in a number of capacities first in that capacity we eventually moved on Nancy went to law school raising a family two daughters her husband Paul and Scotch Plains got involved in politics in Scotch Plains we moved around a lot but our hearts have always been in local government we didn't always agree we don't have the same opinions on everything but I I I know that in her heart she cares more about public safety and serving the public as much as anything other than God and her family so so I eventually went to the division of fire safety I was uh very fortunate to be given the honor to serve there as the deputy director and chief of staff I moved over to the division of local government in Community Affairs as a fiscal monitor one day Nancy arrives as the Director of shared services did a phenomenal job with shared services so much so that they in short time made her the deputy director of the entire division she she served with honor and I will tell you all of these times that we worked together there were difficult decisions that she had to make in in the role that she had she always showed empathy she always thought things through she tried to do what was best for people but she also recognized she had an oath of office and an obligation to the public and she always upheld it in my view uh you might think that'd be the end of the story uh but not so much we went on to working in other local governments she eventually went to Long Hill the day came when their Fire official went to his hometown got a job at his hometown that's great I get it she needed a Fire official she happened to know I was certified asked me if I'd be willing to serve temporarily that was in uh 2019 and I'm still there uh I'm I'm actually very sorry that we lost her our loss in my opinion with all due respect was your your you're great game uh I'll just leave you with this thought and I know you know this when you're in a position like Nancy Mo sometimes you have to make tough choices you don't want to hurt people I think I made my point thank you for your time and uh I appreciate it very much have a good evening hi my name is Mark Andress and as I said I'm the code enforcement officer of Longville Township was actually hired byan prior to that I had 28 years in law enforcement experience I've worked with hundreds of lawyers around the state and having worked with Nancy I found her to be one of the most forthright and professional attorneys that I've ever met uh as you've heard before she backs her employees to the hills one time I was in early on in my career there I had given a summons to someone he confronted me in the hallway he was very you not unreasonable but rude and little insulting out of nowhere Nancy came flying down the hallway don't you talk to one of my employees that way uh and I felt great that I had that kind of backing so she is someone who not only professional not only fourth right but whose backs are people to the hills and I and I join with Don and say I think the of Bernville is very very fortunate to have somek um good evening thank you for having us all here tonight we're happy to be here to support Nancy M as you know um Deborah Kum the zoning officer and planning and zoning coordinator Nancy hired me in the winter of 2017 and I've been there ever since I was formerly in Livingston New Jersey so I've been doing this for a over 15 years I've worked with numerous administrators uh to which in my professional opinion Nancy has been the best as far as advocating for her employees uh supporting the residents of the township supporting the initiatives of the governing body and as I completely agree with everything that my co-workers have said Bernville is very lucky to have her thank you hi my name is maryan I'm the on the tax ctor in B Hill Township prior to uh Nancy hired me in 2020 prior to that I was the tax collector in Island Park and also the B of Wong and um I just want to I'm sound like a broken record here but I just want to repeat everything and reinforce everything that my colleagues have said um she truly is um a gem as as a administrator for her employees and people that work in local government get experiences with different administrators and you you get a feel for for the how she feels about her employees and you know she has your back and you can count on her and she will tell you the truth and she tell tells you like it is and she respects her opinion and that's very fortunate to and I'm miss you we all thank you for your time please thank you for coming um any else anyse you see anybody up on the oh I didn't see even 51 Drive uh the municipal property at 251 Claremont Road was purchased in 2019 by bur tax parage for $950,000 the purchase was promoted by the Bureau of worth investment because provided access to the beautiful preserved W trail behind the property and also because the property the building on the property could be utilized for recreation purposes surely before the purpose American was quoted as saying that it was the burs intent to maintain the house which was in very good condition and could be used to provide bathroom classroom storage or other activities of Recreations shortly thereafter the bur hired a professional consultant prepare a Parks and Recreation master plan for the bur part of the process was to conduct a burough wide Community survey to identify unmet Recreation needs and taxpayer priorities for recreation investment the experts plan explicitly calls for the preservation and renovation of the House of T clont to address unmet Recreation needs for indor programming space this Council unanimously approved the proposed plan and referred to the planning going for consideration and adoption for a master plan where it's currently P one week ago however this Council for the first time announced its intention to demolish the existing house uh to F in fact the council apparently seems in such a rush to demolish the house that agenda has it listed simply as a resolution or a consent agenda with no public hearing I would strongly advise against such a rush process and decision I that any decision to destroy an asset in which the taxpayers have invested hundreds of thousands of dollars should only be made after considerable public deliberation Community engagement and solicitation of input from interested stakeholders I'm a uh den leader in pack 150 of the Cub Scouts I uh mentioned this uh to my cup Master Mr Phillips and he's here tonight to talk a little bit about um unmet uh Recreation needs among the scatter Community for indoor programming space uh I hope and expect that cooler head will prevail and that this Council will take a considered deliberative approach to this significant decision um but before I I hand over I wanted to make uh one point about a topic raised at the last meeting concerning access to the property um this building in no way inhibits access to the park and trails at 21 CL as was indicated by council at the time the property was purchased there is more than adequate room for parking already on site to the intended use of part which is passive Recreation and limited Recreation programming there's no benefit to destroying a valuable Recreation asset to replace it with a large parking lot that is not needed for the property's use I do not believe that the neighbors or this Council want to create an event space on this property with 40 or more cars worth of people need to be present at any one time the building on the property is not an access issue if the council is truly concerned about access to the property it should be asking what can be done to widen and improve the driveway for safe simultaneous entrance and eress on thank you for your time thank you good evening my name is Andy Phillips at 94 pill Hill Road here in Bernville um I'm here tonight as a representative of cup scouting in pack 150 as just mentioned and I first wanted to start off by just expressing my goals now ations for The Scouting program here in Bernville I want to support and grow the program that gave me a solid foundation that I still use in in my everyday in my personal and professional life I have two boys both seven and nine and as they have become of age for scouting I want to make sure that that program exists for them uh so that they can learn grow and benefit from that right scouting is designed as a program to instill leadership active citizenship and a sense of service uh it is a program that is also spe specifically designed to for exposure to a variety of topics uh for the uh for the agent Scout the current situation with scouting and burn is that we have no home base right no sense of home or or area that we operate from we use different properties around the the municipality not only is this a loss of sense of community but it also presents a lot of logistical challenges that negatively impact our ability to offer the program to our youth um much of the The Scouting year occurs during the winter months where indoor space would be hugely helpful and finally our storage of our materials are scattered uh around my own home as well as other Den leaders uh and other places around the town so what we're really looking for is a discussion to as an opportunity to engage about the possible use of 251 Claremont as a space for uh not only scouting not only Cub Scouts uh troop 150 and also have reached out to some of the girl scouting programs and all of many of them expressed interest in the possible use for their own program you know the space as well as Peter track nearby offers uh opportunity for quick hikes potential camping location things like our pinewood derby small work woodworking projects maybe a garden all of those things are part of the curriculums of scouting within town so again we'd love an opportunity to discuss the potential of usage of that to benefit The Scouting program in Burnsville thank you very much thank you hello good evening can can you all hear me okay um so just just here supporting Chris I just want everyone to know I think Chris is a a great asset to burner still and always has been from the time that I was there to witness um I was uh in Code Enforcement I was the housing inspector I was the tree conservation officer I was the zoning officer so I've had a lot of experience with different positions in the buau that I very very much was tremendously grateful for um I met and worked with some astonishing people and Chris was one of them and I will say that once the leadership had changed um just last I guess it was April um you know a lot of things had changed in the in the fact that the morale was down um some of those that you just heard from uh lied to you uh the construction and zoning office was not a free-for-all by any means um I have a lot of respect for every single individual that worked in that department part-time or full-time um even in the recck department they were right there with us at the library location it was a beautiful location I was very fortunate to work there I really was I I admired every aspect of that move and and really utilizing underutilized space in in Bernardsville was very smart um moving the burrow was an idea the moment that the new administrator came uh that was her main focus and her priority was to move us to uh 150 morst toown Road um obviously that was just not a good idea and it wasn't also a good priority when you only four months in and you haven't even gotten to know anyone of your employees um like you said that you would so I'm just speaking because I love Bernardsville I loved everything about there um I watched that Community you know I went to some some houses that were very unsafe that I could firmly say are not in that predicament anymore um and I think that's due to how conscience we were of work working together administratively making sure that all of you know forms and people were noticed and landlords and tenants you know were notified of the you know there compliance that they had to meet I mean I could go on and on about the things that we did in our department alone but I will tell you that every single person that left that burrow was because of the new leadership we were bullied we were harassed and you know people will say what they want to say and that's okay I know you want to cut me off but it was okay for someone else to put words in our mouth so you know at the end of the day no I purposely said please no more unfounded allegations so and the time was up do we have anyone else don't see anybody else hand all right then I will close the open session and we're moving on to ordinances um um one do that oh wait I have to open a public hearing uh so I'll open the public hearing on ordinance 2024 1993 calendar year 2024 ordinance to exceed the municipal budget appropriation limits and to establish the cap bank would any like to be heard on this see done close the public hearing okay now you I move to pass ordinance 224-1 1993 on Final reading and adop published second roll call please yes yes yes Mr yes Mr Mayor yes all right I will open the public hearing on ordinance 20124 1994 an ordinance abolishing housing Property Maintenance zoning compliance advisory committee in amending chapter 2 of the B code entitled Administration do anyone like to be heard on this none I will close the public hearing I move to pass ordinance 2024 1994 on Final reading adop is public second call please Mr yes Mr Ruth yes Mr yes Mr yes line yes I will open the public hearing on ordinance 2024 1995 and ordinance concerning payments to Municipal professionals under the municipal land use law would anyone like to be heard on that seeing none I will close the public hearing uh Christine I move to pass ordinance 20241 1995 on Final reading and adop is published second roll call m r yes M yes Mr yes Mr yes M yes want to move the next oneu um I move 2024 1996 appropr $100,000 from the sewer Capital Improvement fund for upgrade design of Morrison Avenue Pump Station being title passed on first reading published according to law and that a public hearing be scheduled for meeting beginning at 7 p.m. Monday April 22nd second all in favor opposed I move that ordinance 20241 1997 supplementing and amending Chapter 3 of the burrow code entitled police regulations by adding a new section 3-27 titled resident protection be introduced by title pass on first reading published according to law and that a public hearing be schedule for a meeting beginning at 700m on Monday April 22nd 2024 second all in favor post can I say something about that one yes um I think people should really read that one anyone who's watching or um in the AUD audience it talks about something that is pretty prevalent where someone will come and try to steal your car just check to see if it's open and that's what we're that's one of the main things in that that we're trying to address like making that y yeah so even if they don't steal your car they're trying the fact that they're trying is punish done that but if it's something that happens now if it's in your driveway yeah it's not punishable now and that's a big problem yeah and this is a u an ordinance that all the somerset towns are doing as a joint effort to uh try and cut back on car thefts and breakings that we've been having lately and uh I believe actually Ernest Township has almost all of its cameras in and yeah so we're making [Music] progress 1998 right I move that ordinance 2024 1998 amending the storm order Control Ordinance and supplementing and amending chapter 12 with the B land code be introduced by title pass the first reading publish public hearing be scheduled for a meeting beginning at 7M Monday April 22nd 2024 second all in favor opposed all right moving on to resolutions I think we discussed these all at last week's meeting and we're adding the one for the I guess be87 assist the Su Hill big installation netting of the guas major field where the total cost of The netting it's 27 ,200 and whereas Hill Baseball Club paying for half the cost now therefore be resolv $15,600 nearby appropriated open SP trust fund and the contract here by awarded to Sal wow we got it go okay so that was 2487 yes can we discuss 84 yeah [Music] the septic incl well 21 yeah sorry all three separate projects um so just so that you I don't know if this is helpful very discussion but the fact is that um we've not been able to find the well and we believe that the well is probably under the house um in order you would apply for a AC grant for this and I can't I honestly cannot remember the amount but it's significant and um we cannot get that money until we have proven that we decomission the wealth um if we were going to use that property like for a house we have to put a new well in um and then we have to close the septic tank as well so we can't find the well um until the house is taken down uh or not entirely taken down but it needs to partially be destroyed in order to get un well um the other the other issue that I mean I don't have to tell you about because it started before is that we had difficulty any property store which was to be used for the parking um on this property so um we did get the input from the Recreation Commission who supported the demolition of the house to replace it with a pavilion or good Zeo or something like that so that is just I talk about it now and and the need that it needed to be ADA Compliant on top which well the house needed a lot of it absolutely need a lot of work there I don't think there were enough VES but they weren't ADA Compliant for sure so there a lot of money need to be put into the house um but I think the primary reason that we had difficulty was it is the well you know the D requirements for greenat for us to be able to get that money back um but I think really the biggest issue is that we won't have the parking use that par um you know any kind of public recreational area so without placement store you know the lot of store there's no parking so um it makes it difficult is there a reason that uh that the decision needs to be made like it's there's some kind of speak because of the money so we found out today that um so this is a I think yeah New Jersey land conserv handled it um we found out things still have to be done it originally gave us a deadline of March 30th and theyve extended that half June 28 at risk of losing the reimbursement neighbors so we have work done by June we have to provide them with about I think it's like five things um a lot of paperwork but they also need to have the um a report that the well has been he commissioned a report from the health department setic tank [Music] um how long does it take to turn around those reports I don't know um we we actually got a quote already for the engineer told me today I can't remember it's SE or the well um I think the well will be like a little bit more difficult because we don't really know it is for sure um so we're getting we were in the process of getting votes for the actual demolition itself there's a lot of steps that have to be taken before you demolish a building Health Department input there's got to be an exterminator in this case there's got to be Somers County Soil um they're also requiring a topographic uh survey which we're hoping that they'll wait um because that's another expense have to get that and so all of those things need to happen um we we have to get letters from the gas company and the um electric company that they have been disconnected um that is probably pretty that's one of the easier things to do so uh and then there's some things at the building department a couple things plumbing and other things you have to fill out so it's a process and we only have now till the end of June we have three months we have three months um it's a it's a lot to get done quickly but we've been working on it since the last meeting when you said to start getting close um I'm hoping that we can't get done on time but if you delay beond tonight you know we don't meet again till April I think it be done but if we leave the house we don't get the grant money is that if you leave the house we still have the decommission the well which means we have to find it so that means doing damage to the house in some respect and then we have to put a new well in so we'll never get that done by the and that's Green Acres requirement yes his preservation appr and just remind me again jack I'm sorry if you said it I just didn't Frack so we are on a timeline from 2 2017 for this like in other words is there another opportunity for another round of grants in 2025 or it wouldn't we couldn't get money for this property because it was already purchased okay one of the GRE rules generally is you can't get money for property you even have contract yeah I guess I was just gonna say and I understand like the the desire to have a meeting place and I mean I don't know but clar Fieldhouse you know they have classes there I don't big enough for meeting place um you know there might be other opportunity that we could assist with the other properties that we have right I guess what I'm trying to solve for is you two Scout leaders come tonight right to uh Express just the desire really to have further conversation on it um is there an opportunity for them to go to the recreation committee have a discussion over the course of the next three weeks start moving things forward with a final approval before we start on in April another words give them the opportunity to both provide their input in case the recommendation changes or if there is a a solid plan to create a structure at some point on this property maybe they'll be able to hear and provide input into what that structure looks like that might accommodate The Scouting and it could be similar to what we're doing at the poam right could be you know a small Pavilion with a meding room and bathrooms rather than this kind of layer but Ian I suggest just further discussion with Bob but I I don't see that keeping 251 in its current statement in form is going to be an option at all um okay and and we've spent how much money on maintaining that property do we know I mean I heard it was like some ridiculous amount and we can't keep doing we can't do anything with it and we can't continue we can't use it so it's really giving us zero benefit so maybe what the continued conversation with the scouts is where else what else can you do is there some other way you can accommodate meeting Space Storage and things I mean with the Pavilion coming The Pavilion will have storage so there's options that could be discussed but I think be best done the recm and we also talked about keeping at 251 the area that's outside but covered the carport maybe not that exact structure but something similar to that like a picnic area so like a campground type of the issue that they were trying to solve for is the winter right most of the meetings are the winter yeah I know when my sons were in scanning they always met in the school in the cafeteria you still do that pay for that we do some um there is requirements now with BSA that for each location you need to fill out a a COI for each time and each location so that's part of the administrative burden that when we we pick up and we move um I'm spending you know time myself uh filling out all these cois with PSA so more permanently location would alleviate that not only for ourselves as a pack which is K5 but also the dens if they were to try to as they program um each each uh we can and then there's other winter months is one thing that be brought up the other is um for example p with Derby it's a big car racing the cars um as long as we could like set up the track and then you know leave it here for a couple of days uh that would be viable this space is big enough you know the chairs all move you know so there's there's some things like that that would be beneficial to have a semi more uh permanent space right you know I mean like supposed like the library we would want leave P track up for a couple days what month is that we typically do Prime dirty in January January yeah we've done it in in well in the cafeteria um what the challenge we have with that is that it's usually a Friday night if there's any snow they dis they dismiss after school activities we have I mean I'm the rec committee leison so I'm happy if you want to email me or whatever and then we can I can talk with Ted Dolan who's the chair it's a public meeting so you can come and then we can at least start those conversations and then get some ideas going because I mean you guys are as much a you know an activity and part of our community as any sports team and club and we should be just as close from a w perspective so um I definitely say we I think we meet on the second Tuesday of every month but I can check all the schedules and and you know yeah and I want I don't I don't know we haven't really talked about it since I got here but there is that one property down the street um 271 like our side building I I mean I know I don't think there are bathrooms in it yet but I mean I the little house there yeah there are but I think the septic has been I mean the the well is gone the septics gone something's not do you can't use the bathrooms but we'd have to put in in new septic and then there's the historic house I don't know what the situation is with them well right now it's the barn that they didn't work not the house but yeah that's so I mean might the opportun to expand right now yeah that's true one thing I forgot to mention in my my three minutes earlier if ongoing maintenance is a concern I know there's definitely maintenance issues that are beyond beyond my knowledge base um but you know something I failed to mention earlier is that I see it as a source of potential Eagle Scout projects that you know are ongoing there are many recently there was one where member of our truth U helped refurbish the 100e old scout in feack um that we're trying to work with the town to see if we could try to make use that space it's not working out so well um but in terms of ongoing meetings I again did do a quick poll of scout leaders and multiple both Girl Scouts Boy Scouts and Scout leaders all said you know we would be interested engaging our community to help support and maintain you know any any place we find as place just one I not to um summarize quickly your comments Aaron but like I think the other part of this the conversation is just that there was plans to improve a house of 251 and now um for a variety of reasons we're talking about demolishing it I just want to double check the house structure as is is not usable right from your understanding that's what I understand yes yeah because we have no will we have no subject and you have no ADA Compliant access right so like the thought being though that which we didn't know at the time Community being told one thing and then obviously now there's we have to demolish it I mean could there be a conversation I guess we're talking about in wreck and maybe Public Works potentially to talk about what type of structure might be useful on that property going forward since that's the opposite case we can't use the structure there now so maybe there's an opportunity for them to provide inut in that to now that we talking about at okay or if there's a way to keep part of it whole I think the difficulty there is finding the we yeah um I Heard it might be under the carport um might be under the house you know unfortunately John didn't have somebody up there with a metal detector you know and they they couldn't find it so the um interesting thing we'll be getting the this um demolition permit because we have to close the ball before we get the permit the commission law so it's almost like a catch um so I don't I don't know how that's going to end up they reach out to well they're like the only well guy in town he want know where I think he's the one who went um because I guess he's a guy yeah yeah John said that he gone out there you know as a favor to help him try and find him couldn't he couldn't find so um I don't know how you say part house I don't know what structurally that would do to the rest of it you put down part of it I you know you need like an architect or something I I would know where to begin yeah I was an advocating part of the house I was saying that well that um event like providing input and what could eventually what I'm yeah yeah we should reach out when we want to make plans to all the groups that might use it and is the Claremont Clubhouse something that they could use right um I know that re uses it for yeah um I don't know that you could leave stuff there I don't think it's but it's a conversation we could have with Bob yeah it's not that big but it definitely could be meeting spaces for different yeah I mean that's where they do the the food distribution which pretty big inside and there's a bathroom but I don't know if there's any storage room yeah and I know they put a lot of time into cleaning it out and fixing it up be a good use for that yeah meetings it's definitely not big enough for the P of Derby but meetings could be meetings invate yeah so then do we have to go ahead to I think we got to have I'm okay yeah okay so so you want so we need to add to the resolution that you're commissioning the well and closing the septic um but like Jack said for purchasing uh from a purchasing standpoint there are three different projects because they're combined if they were to exceed the bid threshold Decks that they I looked at as individual projects which makes sense to me as well but can we do it all in one resolution yes oh okay so we'll just add that to 2484 that include 2487 yeah and 2487 yeah and your Nancy also word contracts quotes in word contracts three yeah even they're over all right um Jay you want to move the resolutions I move to pass resolutions 2471 to 2487 I move that resolutions 2471 to 2487 be adopted second roll call please Mr yes Mr R yes Mr yes Mr yes Mr yes all right yes nous updates okay um we had on March 6 the um Joy from Main Street National here for the day a lot of good input we went through all the survey results and she spent a lot of time with Olivia so um talking about the transitional plans so a lot going on there uh I attended the um lead's lunch and learn was on the Oprah portal housing and the transportation Trust fund proposed legislation since then Oprah got thrown out affordable housing got passed and I think the transportation trust fund is on the governor's desk so um yeah there's uh Jack I'm sure you'll be filling Us in on all the affordable housing stuff at some point yes in fact I just signed up for continuing legal education April 25th which one of the presenters is Judge bu who was our special Master last time discuss the new legis question after that I'll yeah that went through really quickly um I attended the somerson County Business Partnerships International women's day breakfast um keynote was wonda hope of Johnson and Johnson and then I had a panel discussion there were probably 300 Somerset women there it was really a real a good event uh I attended and presented the proclamation at the equal court of honor for Max boac and I heard now April 16th I believe I've got four more Eagle Scouts coming up I think that makes 10 this year that's a record we've never had that many Eagle Scouts at once it says a lot about DRP 150 under the leadership there I attended the coffee and conversation at community in crisis um those are very useful because they invite other social service agencies from around the county to present what their resources are so they had safe and sound Somerset uh the early intervention support Services New Jersey harm reduction Coalition and the New Jersey Department of Health overdose task force um we are very lucky to have Community crisis in our town I think they they do a great job um we had a meeting of the mayor's Wellness Campaign Committee we once again have qualified as a healthy town to watch we didn't make a healthy town yet but we didn't lose our standing so I'm proud of that um we met with uh MV regarding the train station and those plans are still on the T on goinging the negotiations but we are waiting for New Jersey Transit to get back to us about the roof replacement at the train station that is their responsibility um and they did assure me that the work order has gone in yeah and I also attended the suers county governing officials Association monthly dinner in Warren we had a hazard mitigation planning committee meeting that is I'm glad the county hired somebody to do that because I know Tim was there that looks like a lot of stuff a lot of work you have to put together um it's basically to reduce uh risk through proactive planning to increase resilience and reduce future disaster losses so a lot of work to go into that but it'll be a countywide plan uh officiate at my 16th wedding last Saturday and yesterday I was participated in the Shamrock Shuffle which is the big fundraiser for St Elizabeth's it was there a really good turnout it was supposed to be Saturday the rain tled it so they did it yesterday at 2 o'clock um but they did a really good job was a great turnout and kudos to the police who kept uh everybody safe and had the rout very well organized and marked we only had two people get lost right the mountain somewhere two kids that were wandering water bottle assist not runn oh that is that who it was you could have find your way back so that's my report question did we get out of Banner for mayor's Wellness yes yeah we'll get another plaque and another Banner actually the Banner's not up at go to so we will get a banner a plaque yeah and we're going to work on it for next year to try and get help in town it came up from we were in bronze now we're in silver bronze and we want gold or a bronze silver gold yeah so administrator Bo Bob marck actually just told me that the cottage at M all we're talking about would be fine um for the scouts it's a very nice space that we currently got any plan for um the bathroom was taken out but we give portter potties there and the water does work so um work on that that's it's I mean it's a pretty big room it has a kitchen and then there's a bedroom in the back so there's another big not big but a room in the back I've been in there um I I mean we' have to put septic in if you wanted to use the well I mean for the time being PES until figure that out yeah I don't know if is there heat electric find yeah but it is a nice siiz room and I think it even has a little fireplace or a ledge there 271 yeah yeah a little tour bur one afternoon yeah take a ride you've been in there oh yeah was there a fireplace uh yeah what's nice is there's a little kitchen so if there's water you know you can have snacks and put a refrigerator where are we on where is status of correct the entrance to 271 where thead no had plan done yeah we had a plan done to correct the entrance to 271 they did they did DPW did that well that was the turn it was the turn yeah I think they were going to talk about clearing out that island and allowing it to no I think we were widen the side it was widen side I think that I Doug was working on that right I see call him saying that that that um do wouldn't allow it on I know he was in contact with do I don't know what the result fix the turn so used to have to take two tries to make the turn I remember maybe look into that yeah yeah I I'll I'll try and find out thise people start using it more that I remember proing the the entrance and then the flow through 271 right because you can't make a left it's very hard to see when out there yeah all I'll um I only had two things one of them is I I got an email about an opportunity um I think it would be good for us uh well two opportunities one of them is congressionally directed funding has begun it is a really quick turnaround we just got the emails but I would like to um apply through senator CER office um for money to scan um all of our documents it's a huge job I mean it is something that is so needed um I think I mentioned to all of you when we had that tornado last year while this is a very secure building the roof is not and I was really concerned because on the fourth floor has thousands of documents so um it protects the documents it makes them easier for employees to find and it helps for op requests like tremendously if they were scanned an index but it's it it's a very expensive um project so if we could get you know a million dollars for that would it cost that much really yeah I only I can only go buy the code that we got when I was in Long Hill and it was five I believe $500,000 and they don't have anywhere near that we we have here so um I think a million probably would cover but it would be it would be a big thing so well the worst I can say is no right yeah so if you're me applying for that um and then the second I got an email from Millennium strategies which is a grant writing company um I think this offers we're we're taking it's called Flex Consulting service and so every month they would apply a grant memo summarizing the Grant um opportunities applicable to fville um and would have access to the portal I've used them before their portal is great they have recreation grants and fire grants like every kind of Grant there is out there that applies to municipalities and nonprofits um and then unlimited consultations to discuss the viability of the grants so whether or not they think that we'd be able to get them or not um and then it would be up to us if we wanted to apply for the grant or they could they would help us for an additional fee but for the access and for the unlimited consultations um they would be charging um $400 a month so say $5,000 a year under the quot threshold um they are currently in 120 municipalities um I would like to attend a zoom with them where was invited to find out more and then it's up to you whether you want to give me the go ahead or you want to come back at the next meeting and tell you about it yeah I think um tell us about it yeah yeah go to the zoom and let us know what you think okay um and then the last thing I have is the last time we met we talked about the polar grounds and the lights and how long the lights would be be on and we all you all decided that 8 hours was too much for those lights to be on um and everybody asked if we could do six four not enough um Tony and I met with the Suburban Engineers um the other day and they said yes they could do a six hour timer um they would like to we're trying to find out the cost they would like to eventually put in a control box so that when if you do additional lights they're all on the same like not the field lights but the parking lot lights would all be on a timer that could change with when daily Savings Time came right but for now they're able to be on six hour a six hour timeline um I am waiting to you're back from the contractor to do the balloon test in the next week or two and then today I think you are supposed to get back leave with your decision about the kitchen appliances somebody was going to talk to the coaches see what we want to do with that no that was me yeah there's a beautiful six burner range and oven with a hood professional Hood in building take that why not to Mark Stevens so the question is I guess is the bigger right the other things we talked about going to be commercial kitchen we going to have health licenses and who's gonna clean up and's all all of that so um you're you're GNA find that out I mean I don't know that they're going to have so much input on this I know that I know lacrosse wants to use it and I know that football wants to use it for concessions so I would say I mean what we agreed to put the hood in at a minimum yeah and then have them upgraded and then they want to add anything else refrigerator theid leave the room for them to upgrade if they want if there's but the cabin is concern out that is I don't think asking them to pay for cabinets right but just the equipment oh no why we pay for them get them there well yeah nobody has to pay for yeah that's great um so I'll just talk with them and let them know that the fryer and the stove or whatever other things it'll be outfitted for what else the fryer and the stove and that's it fire the fire where you leave the fire then they want buy it I mean the point is we're putting the hood to use a fr the hood the hood it' be difficult to RIT later so the question is will they buy the prior um and then you need to decide about the oven I mean if we take this oven I don't know I tend to think that the engineer is going to say oh they have to meet certain compliance maybe they do maybe they're you maybe they're not considered commercial I will find out but if we can use those we might as well put it over there and you know then right right and um and then they would have to about prior and then come up with a plan for how how everything's being M I think how to operationalize it which they'll probably need a couple board meetings on their to figure it out and have some meetings between the presidents of the as well and I think what I think re needs to figure out as well from an operational perspective who else are they going to let use it have is it for residents is it for other clubs what if you know Boy Scout say since they're here we can pick on them what if they want to use it for a gathering and they want to you know use it the stove and the fryer and whatever else so it's like how do we how do that how do you organize that right exactly yeah um so I will find out I'll talk to the architect tomorrow and find it we could use what we have I mean that's a fantastic idea if we can repurpose St instead of you know putting in the garage yeah okay I okaying on to items of business we accept the monthly report oh the yes somebody make a motion month reference all in favor I uh use of the burners High School parking lot for the electronic recycling I believe that's April 20th yeah so I think we agreed this was fine you want to move it I move to confirm the use of Bron high school parking lot to Stage electronic recycling E-Waste collection event all in favor right uh this is for um sha tree uh did not have a chance to reach out to uh Greg D gr Creek because he was also trying to see if someone would be the chair but at least we've got a committee again so that's a good thing um yep I move to confirm mayor's appointments of the shry commit second all in favor oppos okay uh next on discussion is cyber security and infrastructure this one um actually the reason that we had a a rice notice for Mr de yeah for Chris um our J joint Insurance Fund had asked that um since we had not checked all the boxes that we have a study done which I believe we used one of their recommended people to do that study and that study then said we probably should do an infrastructure one so we had another company do the infrastructure one so those are the two reports that we wanted to discuss umh yeah good evening everybody oh there you are hi can everybody hear me okay yes yeah can hear you um if you can't give me a high sign sometimes the microphone on this laptop is a little sensitive um so Josh is another third party this is our third um Tech consultant consultant who has looked at those two reports and you're going to kind of give us without giving away secrets to our systems yeah absolutely so um I I'll if if uh if it's okay take a moment and int introduce myself um just kind of a little bit about me U my name is Joshua schmookler I am the uh owner and president of uh Aon Computing I am we are a uh services provider I'm an IT consultant um have been in the state of New Jersey for over 25 years um I have been um employed uh professionally uh doing it uh now for 23 years um I've been working for Aton for 17 years uh started as a technician uh way back in the uh dark ages of 2007 um and I loved it so much that uh I bought the company when the previous owner retired or wanted to retire um Aon Computing does specialize in state and local government um it is 80 to 90% of our business is local government in New Jersey Law Enforcement um we work with a large number of towns police departments counties and state agencies throughout the state um I personally have held a number of um certifications um including uh Cisco CCNA ccnp certification I am V have been VMware certified I've been uh Red Hat certified uh Microsoft certified you name it um and you accumulate these things over a 23-year career um probably most pertinent certification to this particular discussion is I have been cgci certified uh through the University of North Carolina for uh about seven years um specifically specializing in um it as it relates to uh local government operations um of course um you know do want to State um you know I am not here to of course speak as far as any personal opinion of either Nancy or Chris um I'm just here to talk factually about these uh two reports that were generated um and go through kind of some of the findings um the first uh report uh that was generated uh was from a gentleman named L Romero um which was provided by uh the Mel and the GIF um that was done um as a result of the uh shortcomings as far as the uh compliance uh related to the GIF uh cyber security Insurance um I want to go on record um the the GIF um gifs throughout the state of New Jersey and the Mel have been very aggressive um as far as pursuing towns achieving Advanced tier uh certification under these guidelines um the reason for that um as um all of you may be aware and I do want to state for for the public who may be in attendance um is that um the higher tiers that you reach uh both basic intermediate and advanced um the higher tier that you are able to obtain uh that lowers your deductible uh for cyber Insurance um and that deductible uh is substantially lower um I believe uh depending on the GIF you're in um with no uh compliance uh that deductible is somewhere in the six figures uh this year um I believe it's it's over $100,000 uh the basic tier reduces that deductible to $50,000 uh the Advanced tier reduces that deductible further to $25,000 I'm sorry the intermediate tier further reduces that deductible to $25,000 and the advanced tier uh again further reduces that deductible to actually zero um I I I don't think I can overstate um the importance of lowering that deductible um especially at the advanced tier level um having at various points in my career um having had the truly displeasure of being involved uh with uh municipalities that have had cyber incidents um the last thing uh the burough of Bernardsville or any burough needs um when you are facing a potentially major uh breach or major ransomware attack is trying to find $110,000 to pay your deductible um you know that that is a substantial burden to the town and and having that burden taken off of the Town Shoulders by being Advanced here compliant um obviously represents a significant benefit to the burrow um so uh for that reason like you said the GIF has been very aggressive in pursuing towns to to obtain these certifications and um I've had the pleasure of assisting many towns both Aon customers uh for Professional Services and otherwise um we have consulted with many towns to help them document and obtain that certification um so l O's report um I'm just going to kind of briefly talk about that um he he did a fairly good job of identifying um you know kind of the shortcomings and it it was a fairly basic report as to just what in terms of the compliance was not met um and and there were a number of items uh some of them are substantial um some of them are less so um there are admittedly a lot of procedural items um which are easy for people in my industry specifically to gloss over um it people as a whole we tend to be very pragmatic um and we tend to focus on the technology items um and I find a lot of times um when we're brought into consult on these projects um things like policies and procedures um are often um kind of uh Fallen by the wayside um so this is an area of course where where uh that was identified in um the original uh report from Lou Romero uh as uh kind of a shortcoming of the burough um these are fairly easy things to resolve things like a password policy how long does your password need to be um how often does it need to be changed so on and so forth and um things like um how uh personally identifiable information is to be handled and protected uh things like a cyber incident response plan um addressing these shortcomings um is fairly easy with the stroke of the pen um the GIF and the Mel um are very Cooperative um especially as far as a cyber incident response plan goes and that was one that was specifically called out as um not present for the burough of Bernardsville um the Mel does provide a template um incident response plan uh to to to use um and as a matter of fact my recommendation is to uh simply adopt that incident response that template incident response plan without change um the reason I recommend that is that should the town's instent response in the case of a breach not comply with what the GIF um and their Underwriters expect of a town they will decline coverage um and as a matter of fact I have had had um and heard of towns who have responded to incidents um of their own accord and not in accordance with the template incident response plan um and they have had incidents that they thought were minor turn out to be very major and have actually had their insurance declined to cover the incident as a result of not complying and not following the incident response plan um obviously you know I think everybody here is is is obviously looking for the best uh for the burough of Bernardsville and I don't think it needs to be explained as to why uh that is uh certainly subpar um so that all being said um I want to talk more about the second report um there was a a security posture review uh which was provided uh to myself for review um conducted by AF Scott was the name of the company um and that that is um very interesting report um I want to speak firstly I I reviewed this report um and I recognize that um as with all things in it as I mentioned we tend to be very focused on the Practical and not so much focused on the uh pretty and the whizbang um as it were um AF Scott prepared what is in my professional experience and in my estimation a very excellent report um I I believe they did a very thorough job um it it is not the most uh pretty report to look at um however um in terms of the competency of that report and the items addressed um I think they did a phenomenal job um and they identified several areas of need um and several shortcomings um so going through just very briefly um they applied um as far as uh compliance Frameworks they did apply the FBI cure security policy um that is a policy that police departments are uh required to comply with uh for the processing and storage of Criminal Justice information um criminal justice information is defined um within that policy as information um about um the criminal history of a person that is provided by um both the FBI and the New Jersey State Police um and also information that may be created by officers of uh the Bureau of Bernardsville in the course of their Duty so whenever there's a traffic stop for instance and you run a license um the state police will return uh the status of that person's license identity points history all that kind of stuff all of that is criminal justice information um information about the stop um information um about what that person was stopped for what was discussed between that person and the officer and so on and so forth is also criminal justice information um information that is not criminal justice information um for instance um email emails between officers discussing scheduling right that U even though it does pertain to law enforcement that is not criminal justice information and not covered by that particular framework um I do want to state that just because there is that is often a misconception um and it's often easier uh to Simply clarify anything as pertaining to law enforcement as criminal justice information and that's not necessarily the case um they applied also Frameworks of as far as complying with Oprah um and Frameworks from the NJ kick um most important of course as I mentioned before um would be compliance with the GIF um and their uh minimum standards um and then obviously compliance with sieges um failure to comply with the FBI sies security policy is potentially a severe risk uh to the burrow um if that is if a failure to comply would be were to be discovered by the New Jersey State Police um or the FBI in the course of an audit or in the course of the operations of the buau the state police will suspend access to those cji systems until that shortcoming is mitigated and remediated um obviously access to that information is critical uh for the officers in the bureau to perform their duties and so uh failure to comply their representative substantial risk um and I have SE I have seen that happen before and I have assisted with towns and remedia um compliance failures as far as cus uh many times in the past um I'm not going to specifically speak um on these items in more detail um but rather just kind of get to the findings um and kind of get to the point as it were uh to save everybody's time um analysis point1 um that AF Scott um identified was uh they they did a survey of backup into Disaster Recovery um as far as it pertains to the town systems um they found that U there is substantial um shortcoming um in terms of backup and Recovery um that uh represents a risk to the town's data um both in terms of off-site uh backup um and and recommended a a sub a modernization of uh backup and Disaster Recovery uh procedures for the the town um speaking as to the importance of this there there is obviously um you know it's obviously important to protect your data for operational purposes you know God forbid let's say a tornado came through uh T downtown Hall um you know hope that never happens but you know were that to happen um having an off-net backup and a recent offet backup um is uh critical towards um continuation of operations and continu government continuation of governance rather I'm sorry um so um as far as that particular point of analysis U again there there were substantial shortcomings um and you know my professional recommendation would be uh to look to modernize um in that area um moving on analysis point2 uh configuration management these are things that we talk about um such as automated provisioning of devices um automated password management um automated identification of um policy compliance and so on and so forth um AF Scott did find um that there were substantial manual process involved and they they recommend moving away from a manual process um into a more modern um configuration management and deployment process um professionally and as somebody who specializes in this particularly with local government um their recommendation here is sound um I will say that it is not of critical importance uh by any stretch of the imagination um and that as long as there is competent IT staff who periodically reviews these processes and procedures uh to ensure that they're up toate um these are fine um but I do want to stress again the emplo the importance of um ongoing review of practices and workflows uh to ensure that the that they're in compliance and that they're uh you know providing a good experience and providing the the security and the uh applications that that burough employees need to do their jobs um analysis point3 um they spoke about uh manage threat response uh this was specifically important um as one of the failings noted in compliance with the GIF was that the the buau did not have a um EDR solution which is an endpoint detection and response um it appears uh through these reports uh that currently the burrow is using the um Windows Defender antivirus which is built into Windows um and is free um while the free version of Windows Defender does provide um basic security um and I would certainly uh clarify it as adequate for the home user um and for the the average person uh using a PC in their free time um in the Enterprise space and in the government space um you know we really want to move we need more features than that uh there is a paid version of Windows Defender um that paid version introduces addition features such as anti-ransomware protection um it also introduces centralized logging and management and deployment and enables it staff to monitor uh the status of these things centrally and and get a clear picture of what's going on um as far as protecting the endpoints of the network that would be servers desktops laptops uh so on and so forth um when it comes to uh security particularly um understanding what's going on with our devices uh is critical that that is a critical bit of knowledge uh for IT staff to have um as you know getting these alerts enables us to understand that hey you know we have a user who's perhaps downloaded a file that that uh they should not have or they're using a PC in an improper way or um it alerts us to uh go look at a PC and kind of ascertain what's going on as there may be something malicious um the free Windows defend doesn't provide that um it provides a very basic level of security but without that alerting it is very difficult for IT staff to know quickly uh whether something is going on and to um investigate and remediate quickly and rather we're relying on users to report to us uh when something is has gone wrong um unfortunately uh we all I'm not here to malign any particular government employee um and obviously everybody tries to do a good job um when it comes to reporting uh cyber security complaints unfortunately um it does tend to be slow um you know we're talking best case scenario it may take hours in some cases days weeks in some cases it may never be reported um we've had I've had employees in my professional career who have been afraid to report um cyber security concerns afraid to report um issues with their device uh for many reasons including a fear of being disciplined or a fear of losing their job um and whenever I conduct training and I I conduct many trainings a year on the behalf of many towns I always tell Municipal Employees right if you see something say something something's wrong tell us immediately um nobody's trying to take away your pension nobody's trying to take away your job we're just trying to protect the burrow and protect the town um you know and but you know obviously if we can get that reported automatically we are in a much better position to a to be able to respond quickly um so it is of course the highest recommendation um that the town supplement um their current uh EDR with a paid solution that provides these features be that um Windows Defender be that the the particular product choice is you know left to the people that are making that purchase the decision makers uh there are many on the market um including some provided by the NJ KCK um and provided by the state at a subsidized cost to the town um moving on uh to analysis point4 uh core Network management um and state again they um somewhat found that uh configuration management uh was lacking uh for Network Hardware um absence of standardized firmware update procedures and timelines they found outdated Network equipment um and absent service contracts uh for critical it infrastructure um configuration management as far as core Network equipment these would be things such as firewalls routers switches so on and so forth um keeping in the in the very least right keeping organized backup copies of the configuration of these devices is critical um devices do fail um many of these core network devices are very very reliable and they don't fail often uh but they do fail and having backup configurations obviously makes um I think all would understand that that that would make uh restoration of service in the case of a equipment failure be it malicious or otherwise uh much faster um and I've had many times where again I'm called to respond to an equipment failure um you know nobody has maintained a copy of that configuration and now I have a dead piece of equipment and no visibility into how it was configured which obviously is not the best uh scenario to be in and that can often lead and extend downtimes um analysis Point number five um they found a substantial use of um open source unconventional software um these would be things such as a Linux operating system on servers rather than uh Windows Server U or or a supported um version of Linux um Linux is of course open source and there are many different versions of it um using that in an environment such as the Bureau of Bernardsville is in and of itself not problematic um however um whenever we're using uh server software server infrastructure we want to make sure that it's supported um and we want to make sure that we have service contracts associated with that software um so that we are getting the latest security updates and so that it staff has a point of escalation should there be you know an issue and and so on and so forth um unconventional software these would be more things um you know like um perhaps somebody created um and this is not specific to the buau of Bernardsville to be clear um perhaps somebody created an animal control or an animal licensing module um in Microsoft in an access database um I've actually seen that um in towns before um these may meet a need for the burrow and they may do it very cost effectively however um software Solutions like that often again they don't have support they're not updated um and so in our practice and in my practice as an IT professional um I always recommend um avoiding things like unconventional software and and purchasing commercial off-the-shelf software um even in local government you know there are many commercial Solutions um that yes they do cost money um but there are commercial solutions for everything from Finance payroll um Animal Control licensing code enforcement uh you name it um and you know moving towards again and standardizing on Commercial off-the-shelf supported softare Ware with service contracts to support that software um puts the town in a much better position as again we're making sure that that code is updated we're making sure that that code is secure and it gives the IT professional a point of escalation should there be any problems with that software um so moving to uh analysis point six with um one of the uh shortcomings they found was that there was an absent formal policy for managing security updates uh with software this is of course um important I would I would not classify the the a missing policy as critical um however you know in government we kind of specialize in policies and and red tape as it were at times um and though those things may seem to be a pain in the neck um they often um help us to understand where we may be drifting from our goals in terms of compliance and so um you know drafting a policy for security updates for instance is something that's can be resolved with the stroke of a pen and that seems minor but again the we're providing ourselves um a measurable goal um that we can use to to make sure that we're complying with what you know what the burough feels is the ideal as far as these things are concerned um in addition I do want to mention um that there were several and many different out-of-date softwares um that were identified um in the process of these uh reviews including um in the police department I was informed that uh there are there are uh machines still running Windows 7 which of course uh was end of life uh many years ago as of this point um and that is does represent a a sieges security violation as something that needs to be remediated ASAP um so the recommendation here of drafting a security update policy and then performing a analysis and Survey of the various software and Hardware in use of the town and ensuring that the updates provided on those machines comply with the drafted policy is a substantial protection into the town and and that can't over can't overstress the importance of that uh analysis number seven was a phys was uh physical environment risks um these are things like unlabeled cables these are things like perhaps uh they found that door security could be better or there could be a sign and sheet at the it office um physical management is important certainly not critical um I I wouldn't take the town to task um especially um over the the physical environment um from what I've seen thus far um there's some that are better there's some that are substantially worse um but messy cabling in and of itself doesn't necessarily represent a risk to the town and I so I do feel in that regard while again it's important to keep things neat and tidy um I find that AF Scott's recommendation there is is perhaps a little bit overzealous um analysis point8 they spoke of again as I mentioned before Endo life hardware and software um specifically Windows 7 um and many others uh this is of critical importance um when Hardware reaches end of life uh end of service life it is important that it be replaced um you know I have often in my career especially when it comes to things like desktops um I have received substantial push back um on replacing desktops that is an expense and it is in some cases a significant expense um however there have been many studies done on the fact um uh that have determined and shown that the number of support calls and support requests for relating to a desktop go up substantially when it's used Beyond year three um not that that not that they have to be replaced by year three but um keeping a schedule as far as replacement of desktops and making sure that they are reasonably uh modern can represent a substantial Improvement to employee performance um obviously employees aren't performing their best when they're fighting with an old desktop or they're fighting with a slow desktop or they can't get Outlook to open and so right these problems are do they represent a major risk to the town perhaps not um however we can enable these employees to do their job much more effectively um by keeping these systems modern uh software being end to life is more critical in my professional opinion um when a software is end of support life and no longer receiving updates um my highest recommendation would obviously go towards uh ceasing the use of that software as soon as possible um often times in the modern era uh and especially over the last 5 to 10 years um when security vulnerabilities are found within software um we are seeing those V vulnerabilities exploited for malicious use um it used to be months now it's days um if we go back um about a year or two ago there was a Microsoft Exchange vulnerability um that was identified as a zero day meaning you know they just kind of discovered it um that went from a published vulnerability to being used in the wild and exploited to attack agencies in less than 24 hours um and as a matter of fact when that came out um among aon's own customers uh this came out on a Friday um I actually sent an email out to all Aton employees advising them that it was you know that we would be working through the weekend and we actually patched every single customer's server um within 48 Hours um unfortunately that kind of response is necessary in the modern era um these malicious actors are um you know they are very sophisticated technically um they are looking for these vulnerabilities and when they find them they will use them um so end of life software is subject to not getting patches for these full abilities at all in many cases um in some cases they're not getting patched as quickly um and so obviously again uh to protect the town um and to protect Town resources keeping out of date and end of life software off the network is of critical importance um and as I mentioned there were uh several shortcomings found in that regard um the most glaring to me um as someone who does specialize in uh particularly in law enforcement um would be the use of Windows 7 in the police department uh that that needs to be fixed uh ASAP um so they further in their report uh provided um again a number of lists of areas specifically related to sieges um addressing the polic addressing the shortcomings that I've already spoke to will as a matter of course also address CED just compliance um and will as a matter of course also address many of the shortcomings found as far as uh the GIF uh compliance uh certification as well um so in conclusion um you know report was done um there are some some risks um I was I asked um and and was told that there is not a full Hardware inventory available at this time um so were I to be asked what my recommendation right where does the town go from here uh conduct the full Hardware software inventory um and then uh create a uh strategic plan and a tactical plan for uh bringing new systems up to date um for modernizing um outdated software and Hardware um and getting into compliance um as far as GIF and siis you know ASAP as those do represent uh substantial risks to the town and that's all I have to say about that I have questions for Josh Jos on a relative basis how would you assess the um performance that you saw here based upon your review versus other towns that in your in your opinion have gone through similar studies how did you know it's a mixed bag um so as backup for instance um being lacking is a substantial concern um and I find um respectfully u a lot of talents have kind of addressed that o over recent years um particularly dating back to 2017 2018 2019 there was a a substantial rash of ransomware attacks in New Jersey um and so it was a point of reference and a point of order for the GIF um to really make that a minimum standard so um you know that's definitely something where a lot of towns are doing better respectfully um you know um there are other areas where you know I would say you know like I said not having a paid supported um Enterprise level antivirus again this is something that we see very commonly right um You you know coming in and whenever I come in somewhere and I see free Windows Defender I'm immediately like okay who's the boss and who do I talk to to get this fixed like tomorrow um you know were it to be a new customer for me I I would almost even put in a free trial of something you know if I can get us a 30-day or a 60-day or a 90day proof of concept on an Enterprise antivirus I would get that in you know as soon as tomorrow um you know these These are important things um lacking policies and you know missing policies missing um response plans and so on and so forth these are fairly common um most everywhere that that I end up um to some degree or another is lacking in these regards and it's not particularly uncommon um but as particularly as far as an uh antivirus as far as uh backup and Disaster Recovery um and as far as um ad aate software um I I I believe the burrow has some some ground to make up respectfully that's questions yeah um hey Josh thanks for your time tonight two questions for me um first of all when I was looking through the report um we seem to be more compliant on a relative basis with intermediate and advanced security than basic security we were like um how could that be that you would not need meet intermediate more significantly but not necessarily Advanced that was my first question my second question as you spent a lot of time at the beginning part of your comments on um compliance with uh cjis checklist and the FBI um how how often is that reviewed in other words what I'm trying to get at is how significant is that exposure where May risk uh the Burrow's compliance with those enti or is that sort of done a yearly basis that's looked at you know just me the the New Jersey State Police conducts uh the sieges audits um it's not yearly um it's kind of every so off at every couple of years um also uh compliance with seis is reviewed uh in the course of accreditation uh with the police department so when they get accredited or when they're reapplying for accreditation those things are surveyed um also were there to be a reportable incident so say there were to be a data breach and that were to get reported to the NJ kick um the njccic I'm sorry we we it's the NJ kick but it just to clarify that um the NJ kick is integrated with the state police so should we have an incident in the police department that gets reported to the NJ kick that will get floated up to the state police um and should there be a shortcoming that that will result result in a loss of access to sieges um until that is remediated um as far as uh your first question so um the gif's policies um originally it was a two-tier uh tier one tier 2 um and as a matter of fact um myself um and a number of people were among uh the folks who originally consulted with the Mel um to generate those minimum standards uh with tier one and tier two um one tier doesn't necessarily feed the next so um originally it was tier one tier two uh they added a tier three later and now they've called it basic intermediate and advanced um one is so tier one doesn't necess it's not a stack like a cake right it's not Foundation second floor third floor um it is more organized into uh these are the basic things to address these are the intermediate difficulty things to address and these are the advanced difficulty things to address so one's not necessarily dependent on the other um in some cases they are but certainly not guaranteed to be um and so often whenever we do these uh compliance checks um we find again we come in and find much like you where there's gaps across all three tiers that need to be addressed um and that that that is very common and very normal um because like I said they're not necessarily designed to layer on top of each other they're more designed in terms of difficulty to address thank youy if you see I could respond in have five minutes with some major points which might help your understanding I thank Josh for his very considerate analysis and I believe he knows what he's talking about he a good source for your understand um no we're going to finish our questions um doc can I ask um I mean these percentages here if with this audit and the results would we would we have passed the jip requirements for these tiers or or not you mean would you have pass if if what if everything was fixed no no no just as it is now do we pass oh you do not negative on any of the ti correct on not not on any of them okay um and then there was um things about service providers mentioned and like third party risk assessments you didn't really go into that too much um um yeah so I didn't go into that too much uh that's actually relatively new to the policy um what the intention there is and and I I the reason I didn't address that is I was more focused on the report um from AF Scott and Lou Romero than the actual than the DF compliance um the intention there is that when Contracting with third parties um and other service providers and so so such like myself right let's hypothetically um let's say the burough of Burnsville were to go out and hire you know micro support LLC to provide their it support um the recommendation there is to to conduct a Security review of that third party um and have make sure that that third party is compliant with um the standards um enforced at the Town um and any additional standards and there is in fact a third-party um service provider checklist uh that the provides that um support providers such as myself and other um Contracting agents uh can use to ensure our own compliance uh the reason for that and the reason that becomes important is that ultimately the responsibility for the security of the Burrow's data uh resides with the burrow um there is at the end of the day no way to offload that burden uh to to somebody else it's it's your information it's your system and you're responsible for providing that security um and in fact um Mr feifer who was Consulting for the M um and myself and several other it directors in the state brought this up to him um about two years ago uh as we had found that there were several Ser service providers um and man service providers providing it support that were not compliant with basic security needs um and the reality of the situation is should you contract with a managed service provider and that managed service provider were to be hacked um and that hack were to result in a data loss at the burrow um ultimately that is still the bureau's data um and it is still the bureau's responsibility to ensure that security and so that does represent a risk to the burrow um so we wanted to you know they wanted to put that in there um to ensure that the people you're bringing in to provide outside support services are not exposing you to a risk okay thank you um and if I can just go back to my first question just for clarity for me you said we would not have passed on any of the three tiers is a pass from a program compliance perspective they would all need to be 100% there's not like if you meet 80% or 75 correct yeah it is it is strictly a pass fail um there's there's not a a grade level associated with this um and uh unfortunately well fortunately or in terms of professional uh professionalism fortunately um in in terms of the Burrow's compliance unfortunately um the GIF and the Mel kind of have a take no prisoners approach to this um if you miss on one you miss on the entire tier um there's not um any sort of allowance for um failing to comply in some way um some of these things it was mentioned um you know that that even Lou Romero stated that some may or may not be applicable um I do want to address that comment um they are all applicable period um however the GIF is not particularly prescriptive in terms of how the buau chooses to comply right so for instance the GIF may tell you um and I believe it I forget which tier it's in um but they tell you that you have to um that is the responsibility of the buau to um protect um personally identifiable information from being put on removable media um they don't tell you how to do that right they just tell you how they just tell you that it needs to be done um password management is another one um where they don't tell you how to do it um they just tell you that it needs to be done and there are many different ways to address these things um some are more expensive than others some are more complex than others and it is really up to the town um to conduct assessments to figure out okay you know what's the right solution for us so that we can comply with this you know in a way that meets our needs in a way that meets our budget and and so on and so forth okay great thank you um Josh um J at the deductible so right now we since we don't mean any of the tiers we're at the maximum deductible you you are at the highest the highest deductible at this time what that specific number is um your business administrator would know better than I um but you are at the highest deductible at this time okay and then each tier like you do make one tier down on the next tier and if you did all three it's zero yeah are you familiar with Google cloud or ucation yes I am and would you say that you've seen towns using that to provide the security that we need to meet the requirements um so Google Cloud authentication can be used um as a source for multiactor authentication um so one of the requirements um is to provide multiactor or Advanced authentication um for remote access um I also do recommend that multia highly recommend as a matter of fact this is not on the compliance but I highly recommend that multiactor authentication be enforced uh for all email access and the reason for that is that uh frankly uh 90% or more of of breaches at this point involve email to some degree or another um so but in any event um so Google class authentication would be one method of providing that uh multiactor authentication um additionally if you were in an Office 365 or Microsoft ecosystem uh Microsoft uh entra ID can be used to provide that advanced authentication um some remote some remote access Solutions have built in uh so for instance let's say if you use log me in uh to access a desktop remotely log me in has its own multiactor that's built in um there are o many thirdparty solutions such as Duo OCTA and so on and so forth um that can be used to provide um multiactor authentication to third-party services such as you know web servers and so on and so forth so yeah so to answer your question yes that could absolutely be used um as part of meeting that requirement okay anybody else thank you Josh very welcome and thank you everybody for your time uh do apologize that I could not be there in person uh but uh thank you for your time and uh wish everybody the best I would like to very briefly address the this is not a public hearing right now I am presenting myself not as a member of the public but as your employed cyber Security Act in house I do not I will not insist on speaking there'll be an opportunity uh shortly for another Open Session right now this is when we you got a rice notice and you asked for it to be in public that meant that it's in public and you can listen but it's not a hearing I'm volunteering if you're interested I apologize for any disruption okay so what do we do next any reactions comments well from the administrator how we're going to address this report um unless others have other thoughts I just feel like SP a long I actually um since you called on me so from my perspective um I not i' like to read them to you because this is how this how we are where we're today so um June 1st of last year um Anthony had notified me that he been asking Chris to respond to this D cyber security compliance checklist from at least August of 20122 when we were not complaining at that time the only time in the gy to be not complaining Anthony then emailed Chris again in February of 2023 before I got here to follow up on the email request because he did not received a response to the first one from August Anthony informed Chris that we still had not completed any of the three tiers that that were required and had come out in March of 2021 ask how Chris you'd like to get this resolved once again Chris theil on that day June 1st I emailed Chris and asked why he had not responded to Anon repeated emails and why not completed any of the three tier request that began as I said at least in March of 2021 I informed Chris that I do this as a mandatory and fundamental requirement and that we cannot get a reduced insurance deductible until these are complete first respon resped in an inordinately long email apologizing for not completing the checklist saying it is his fault he has no excuses and he will do better he said that employees have not received training that the gy requires but instead he has done some one-on-one security counseling with the staff he says he will do the J security training and he has picked out a course for training but he hasn't scheduled it yet this is in June of last year he never set it up and the only reason we have started training with the2 Securities now is because I signed us up with the J for their compliance um effort that they're making throughout the state n I'm s to interrupt you but I do want to get to why how we're going to address this report rather than a history of how we got here I think she thinks it's important I think this is important okay but um um at that point Chris says he will be up updating the GIF submission following week and to turn all the incompletes into approved this didn't happen and as of today with my conversation with the J has still not happened CH claims that regardless of the checklist we are not insecure and claims we're more protected than what the J required he said the JF checklist is a great tool to help nonexperts but it's not good enough to judge the performance of the IT staff you get gone from multiple paragraphs of explanation justification that I didn't understand I don't have an IT background he goes on to list 12 things he's working on and I know for a fact many of them have still not been done most importantly he says he's working on a comprehensive Disaster Recovery plan based on the fact that nothing was in place last week I I suggest that had not been done so I respond both in an email and an inperson conversation that if Chris believes that what we have in place is sufficient to cover what is on the J check he should submit submit that to the jet to see if they agree on June 8th he said he'd submit a partially completed checklist to the J on July 13th we had what Chris has titled a cyber intrusion into one of our computers and one of our police cars Chris informed me that he fixed it so that it wouldn't happen again said there was no further damage and said the attacker was clumsy and amateur he did say that there were ways to prevent it that had not been implemented after this in July August he started finally started using two Factor authentication on the police cars and eventually in burrow Hall on September 14th a gif executive confirmed that the worksheet was completed on August 31st and she'd get back to me after review I hadn't heard from her and so I spoke with her at the October 12th j meeting because we hadn't completed the tier still we were not approved by the underwriter and because the police intrusion I asked if we could speed up their plan to assess our security they're planning on doing it throughout the state that is when L came in and did the Gap analysis the day the report came in Chris summarized the report by saying all the things he thinks we need to do but he I don't believe he covered anywhere near all of them and then when Lou met with met with us in person in February Lou expressed disappointment to me that Chris had not implemented anything yet and highlighted like what Jos said about Windows 7 which is has put us unbelievably at risk in our Police Department dispatch computers um I after the report uh and the Cyber assessment did not cover our equipment we hired the second um company AF Scott that Josh talked about um I do not claim to have an IT background I don't claim to have a lot of knowledge of um reading any of these reports um so I gave you copies I told you please read them I told you that we would discuss them at an outcoming meeting that meeting was supposed to be on Monday last Monday Chris got a rice notice because we have an IT department of one his name was bound to come up the requirement is that if an employees name is going to come up in executive session they have to get a r noce nowhere anywhere did I discussed with any of you or with Chris that he was going to be disciplined or ter it was a meeting to discuss the outcomes of those reports I made it clear to Chris in an email which is overall that this is what we're going to discuss we're going to discuss the reports Jack informed me we can not discuss those reports in public because they would be a risk to our security obviously Josh knows how to talk about them without bringing up things that would risk our security I don't know how to do that I wasn't about to analyze the report I was going to get your input on where we go from there um because Jack said we couldn't discuss them in open I informed Chris that my recommendation to all of you was going to be that we form a subcommittee of council people interview both authors of the reports and then interview Chris and that subcommittee make a recommendation of where the governing body to the governing body of where we go from there clearly that didn't happen based on what happened in Monday's meeting meeting so now we're here because Josh is involved because we could not get any input our labor Council suggested on Tuesday morning that I be given access to the system it was not my request I wouldn't even know what to do with it the labor Council wanted to ensure as did the council this Council that somebody else had access in case Chris walked away never came back in case he harmed the system whatever the reasons are somebody else need to have access to the system again it wasn't going to be me who was going to use it but if Chris never came back then a company like Aon would come in and we would be able to give them pass as you know Chris was in subordinate all week long did not give me anything until he was forced to on Friday when Jack asked him to come in and told him told him he had come in and give it to the per company we hired um where did we go from here uh I'll be honest when I spoke with Josh uh this afternoon to make sure that he would be ready for the meeting tonight he was not as kind in his evaluation um and Josh I'm sorry I'm going to quote you he said it was Apparent from those reports said we had 10 years of mismanagement In Our IT department um where you want to go from here I don't know um I know that I will say this that Chris clearly has no respect for the authority of my position he's been insubordinate on more than one occasion um we're here because he overreacted and said he was going to be terminated even though there was no indication of that anywhere um he dug his feet into the ground if he had done the J checklist which by the way I'm not the first administrator ask him to do it and not have him done I'm the third so had he done it we'd never be here today because I never would have hired the people to look into all of these other things we're here today unveiling all of the inadequacies in our system because he refused to comply with three administrators requests to save the burrow $110,000 should we ever get hit with ransomware which I understand we were hit with in 20 19 so where do we go from here you want my recommendation I think we need an IT company to come in instead of an individual person whether it's Chris whether whoever it may be I don't think that a bur is properly served with a single person it Department I think that companies have um the education the continuing education on the latest um Innovations or or or problems in the IT world I think they have a wide variety of people I think they have access I think they are more economically reasonable um that's my recommendation I will say this you can stop um uh the allegations against me I I'm categorically deny um however no connection has been made between the alleged abuse and the fact that he couldn't do his job properly and even if they had been made what about the administrator before me and what about the administrator before him so my there is no connection between those two things and I don't want anybody to be fooled that there is first of all it doesn't exist in the first place and we'll fight that battle on another Arena but the lack of security that we have in our system if nothing else the lack of the J checklist that I have been harken about since June has nothing to do with alleged abuse all right on you now so yeah Nancy thank you for that because um there's always so much to be investigated when it comes to things like this that it becomes hard to talk about it in public without basically encouraging people to Cyber attack us at this present moment so the allegation there have been allegations made against you which we still have to investigate because that's our policy as a burrow so if we could um put the person who made the allegations against you on a leave and conduct an investigation I think that is part of our next steps can one second I think that you need to look at this with two prongs again one has nothing to do with the other and hasn't been hasn't been suggested that one had nothing to do the other right I think that you need to treat these as two completely separate things you've already passed resolution to hire a firm to investigate I welcome that investigation and we'll be 100% Cooperative because I know that I have done nothing that has been alleged that is a completely separate Avenue and even if you do decide to you know separate from the employee today that investigation has to go on because if I presumably remain employed here and I am abusing employees one person being gone does not absolve you of having to investigate that going forward you 100% have to do it no matter what happens here tonight and one thing has nothing to do with the other and I will say that there is another employee complaint that was issued by me which also has to be investigated no matter what happens to so those two investigations are separate and but what I was getting at is that if we put the employee on leave who's responsible for this then we need someone to take over and since he's the only person then we have to hire someone whether or not it's permanent or hourly or temporary to do I mean they can get started on the GIF checklist because experts like know how to do this and none of us have the qualification to and nobody on staff has the qualifing about a suspension so we did I said that in order to investigate we're going to suspend well no again investigation is separate right but when you do that you don't have an employee so and you need that per so you're saying in order investigate the problems with potentially any IT issues you talked about the Alle you're investigating based on the Personnel handbook whether it was somebody from any Department any person Rec Department you name it okay you just put the person out of the building somebody has to do their job can I make the recommendation yes I recommend that we hire Josh's company they have all of the passwords all of the they clearly clearly has a a grasp on what our it situation is um he said earlier that he's hired in companies to if nothing else just to form the checklist I assume that he could bring up up to feed on that but even if you didn't want to do that right now if on a temporary basis you wanted to hire his company to carry us over for whatever you choose to do for you know a month two months three months whatever C plan is to hire Josh's company on interm basis take care of the issues that your reports that is not connected to whether or not you are engaging in any disciplinary action against press or whatever you have decide is either in subordination or whatever it is and certainly shouldn't be suspending him or putting him on leave while the investigation those are two separate issues what which investigation that's what I'm trying investigation his complain shouldn't be put on leave during that investigation okay you shouldn't be leave based on the fact he made a complaints AB um no but can I um P Devil's Advocate so there's three separate issues here the first issue is the report we just heard which is our IP infrastructure is at risk the second issue is our B administrator and a senior member of our staff are in open conflict with each other publicly which we just heard and the third issue is that we've announced well the mayor gave rightly contextualize an investigation to all allegations that'll be happen right so because of that middle issue we have to address that right otherwise you create a potential hostile workplace culture with two senior members of your staff in open and public conflict with each other that may be but people need to be able to get along in the workbooks so you could set up parameters related to that because putting somebody on B with or without doesn't matter investigations ongoing they effectively punishing a person complain two different so when we met last Monday what we talked about was forming an ad hoc committee I think it was going to be myself Gina and Chad to do a to look at the uh to look at specific specifically the reports that were given by the two companies I I got to be honest I don't know that we're going to find anything different I I don't know what else I would ask other than what Jos GNA keep going with that committee so I I I don't know so so at this point with respect to the competency of the you know the what we run into specific to it I think we've got the choice on whether or not we want to continue to look at that or whether we've seen enough and we want to make a conclusion not on I don't think that committee needs to meet it all I think we just need to we've all seen it all we need to make a decision on whether or not uh we want to continue with having Chris and the burrow do the work or if we want to go to a third party and have them do the work and that's your that's the other side of this which is if you're making determination that would happen in it demonstrates either unprofessionalism incompetence um and what happened last week whether it was in subordination or whatever it is your policy only provides the administrator the authority to suspend up to five days and in beond five days go to the B Council which is up to DET termination so that you can make a decision to suspend otherwise discipline do something in the middle or take the approach that you had enough whatever you decide is appropriate you the business administrator that number one doesn't have the authority be five days and number two based upon the internal conflict probably a good idea for the business administrator to step away from that decision in any you know your policy you know directs business administrator to make that determination because she's the supervis and this this is a slightly different context obviously um so sort of Le say your point you have multiple choices but that has nothing to do with key investigation so Rick let me ask the question um based on what Nancy had said if we if the council decides um to eliminate the in-house position and Outsource to a company if that's their decision the investigation is still ey on the charges of U the harassment chares so those are that would be totally separate right separate decisions riches a place do we know the cost of Outsourcing I don't know I can tell you I well well so I will tell you from a procurement standpoint it is a very difficult thing to you can't get quotes you can't do an RFP you could bid but nobody wants the low B for IT services you do something called competitive Contracting and it is the only um the only way of procuring the only procurement that you can do competitive Contracting for without getting the state's permission um in this particular instance um I would and Jack you can weigh in I would assert that this is an emergent situation an emergency and therefore you don't have to follow regular procurement laws like not forever going forward it would be for a limited time and then we would perform the competitive Contracting um process which involves forming a a committee right and then bring bringing proposal evaluating them ranking them R system the whole right it's the whole thing so um uh I can tell you that well you know I don't know if Josh is willing to discuss this but I can tell you that I know that in Long Hill we paid um an hourly rate I believe it has not exceeded $60,000 for a year um it it provides eight hours of service per week and then it's an hourly rate after that okay so from that perspective for me if we just stick to this report and what we heard for now I think we should hire a third party to come in address these issues and get us in compliance with J tiers and standards whichever ones we want to get down to whether it's one two or three but I think we need to do this first and foremost regardless of anything else then yeah I agree so so I think the deciding factor then is because I agree with you also I don't think there's anything that's going to change my mind on doing that step in the next 30 days or 60 days or 90 days so then at that point do we make the decision that that's the direction we want to go with yeah I don't know I'm just saying for now like we need to so but but I think we got to figure out so either we're moving towards that as a permanent solution or we're moving towards that as a temp either way is possible so so to me that's what the sub committee was probably supposed to look at is have a policy like how we want to conduct this for the buau I personally like we got a lot of information tonight of course the most important thing is to secure critical infrastructure we need to take a step to do that but I personally uncomfortable uh making a rash decision on the permanency of one thing or another at all um I don't see any reason we have to rush that um you know to me it hasn't been compelling to say that we have to do it in a separate way I think we have time to have a subcommittee of council come together and provide a permanency permanent recommendation as to how we conduct that um so for me I agree we hire the consultancy or whatever it is and then we have a sub Community take a look at how we're governing this but you have to decide what you do with the employee anytime separate yeah yeah yeah hold on that's yeah I did want to talk to labor Council about it but the it issue we can we can just is everybody in agreement have an employee who's supposed to be doing that at the same time you're having someone else yes correct but again just separate topic I'm just trying to kind of weed through because there's so many they all kind of just come together so I'm just trying to separate everybody okay with hiring the third party to come in and fix what we just heard about yes yes so so what was your question is that I'm curious only okay so I what else needs to be done for that to happen anything on our side do we have to do any other approvals or have any kind of motion or resolution you have to have a resolution to retain Eon on emergency basis I would say for three months not to exceed three months not to exceed 15,000 should amount of money yes is it still there Josh I'm here I apologize I I just took one quarter long but that's not sufficient you know wasn't totally AR so what we were asking is um hours how long would it take for you to make us compliant with at least in one or two tiers or or three tiers um on average it it depends on um solutions that may need to be uh procured so there there is a procurement process with some of these things um there is some cost um besides the Consulting um on average I would say probably can certainly get you tier one compliant um within the next you know I would say 30 days and and uh you know with three tier compliant I would expect reasonably uh probably about 90 days okay and then about what would that cost uh I'm I'm not comfortable throwing a number out to to be honest I I I don't have enough information to to even speculate let's just do what Jack said then for now and we have to come back so not to exceed 15,000 not to mon not toed three months not to exceed $15,000 in order to bring the bar into compliance with ti one two and three on the checklist okay so we need a resolution B okay so then we have two other topics and involve in naming topics um the two topics that I see are one is the situation that transpired last Monday during public comment by an employee to our our B administrator or about our B administrator and then separately would be the allegations so from if I can ask labor counsil for your um expert opinion legal advice on I'm assuming you've been brought up to speed listen to the public meetings etc etc so from your perspective What policies have been violated and what recommendation and maybe I'm asking a legal person so there is no recommendation um what would you want a law answer yeah exactly so then just kind of explain what our options are maybe that's a better way to employe handbook provides the borrow administrator with the authority because in this case your borrow administrator is the supervisor bar administrator has the authority to suspend and emplo public 2 five days anything beyond that is your call and that runs the gam from zero days to couple of weeks or as far as you want to go too can I ask what policies were violated first just so that in your discipline policy there's a whole list of things that public employees should not be in spination that's a big one conduct un becoming that's another one um not accepting a request not an order but a request from your supervisor to provide information that it's necessary for the day-to-day operations of the Run Bor and in this context the request was merely as a backup to explain to you tonight the request that was made the email was can I please have this information because you're the only one who has it and somebody else needs to have it not to use it but to have it there's also a request for the combination on um the IP manager Office St that was also not only ignored but responded to in a very negative way and in my view completely ins support life along with how he responded to the request for the p codes and then it took several additional days several additional requests apparently finally request from attorney to have him come in and provide information that should otherwise be accessible to nobody else business administrator in the event that there's some emergency that she needs access to the system or needs to contact somebody like Josh in an emergency in order to take care of those issues so all those things you know in my view are insubordinate conduct on becoming a Public Employee you know inappropriate response to your supervisor not performing your um essential functions of your job um and you know I think the list goes off pretty significant stuff in this context um follow how does the um complaints filed play into both by that employee and by the administrator how does that then factor into a process is my question I don't think it does at all they're two separate issues I I mean what I mean is by our employee handbook we have that a hearing on those or how are how are they investigation that's that's for the investigation post and and I think the you know your policy on Investigation says if somebody makes a complaint you have to inv there's a whole host of legal mumbo jumbo that's related to that that's stat author that comes into play here that may or may not require certain things to happen or not thaten not really um comfortable discussing in public because I don't want to compromise the Integrity of the investigation and I those things it would compromise the Integrity notification but the the idea that somebody has the unfettered right to do what happened last week to me finds no basis in law because for the most part uh and and I get push back on this all the time but for the most part when you walk in here and you check in in the morning you check your first amendment rights at door yes there's a whole host of First Amendment rights that you have but in the workplace they're very limited you can't just sort of go off and and do what happened last week without quences that's my view and my recommendation so if we then take again this incident isolated I mean unfortunately we've dealt with insubordination conduct on becoming in the past as well and we've uh We've Come to conclusions on those circumstances um in this case hearing what I heard would think it's either similar circumstances or worse in this case so I mean I think that I mean again being in public we have to kind of be careful what we say because I don't want anybody thinking about any other um people but I mean I would say at a minimum a 4 we suspension would be required I would say in my mind at a minimum um and I think that in that time then it would give us the opportunity to figure out what next steps what other actions would take place in the meantime just yeah I mean I think the decision my my opinion the decision is we either suspend for four weeks and take that time to think about what we want the final conclusion of this to be or we make that decision tonight and I think it's just depending upon how people feel on it I I'm fine with the four weeks and and and you know letting and making another decision I I would not limit myself to just saying four weeks I think digest and see how this is going yeah you know he may have promised a lot can't do can't so and and sorry just Al was making one clarification is that with pay or without pay and that is without pay would be and we're confident that that wouldn't hinder our systems at all like for our B employees to be able to work on their workstations tomorrow everything will be okay I guess we have date too because we do have to hire somebody else well that's the emergency hire Josh so we could start tomorrow I guess if we need is that to my understanding we we have the ability to use J effective immediately he has access to the system he needs to be able to do that yeah he already has yeah that's want to confirm that with him make sure that he feels that he has what we need starting [Music] tomorrow Josh sorry the question would be um if we put a suspension into effect would you be able to uh would you have everything that you need Access wise in order to start tomorrow yeah I I I see no reason why we wouldn't be able to assist the burrow as needed um during a period of time starting effective uh whenever necessary thank you thank you um I want to not convinced on the with pay without pay Point i' like to just discuss it and maybe Jack I don't know if we have I don't know if it's Rich because it's Personnel okay we have what have we done for other employes in subordination Integrity without that's I mean I don't think it would be no no I just want to make sure it's I just want to make sure it's conr right with what we've done in the past that's my concern and um especially with you know we are investigating yeah and so okay so again I don't know what we would need to do there to just sorry no it just sounds like it's clear that we're we're looking for another solution which would be an Outsource it solution to bring us current so I mean I support that yeah I mean I that if it's congruent with what we've done in the past similar situations I don't have that knowledge say it yeah it is what in the past so we're saying a four-week suspension with no without pay pending a decision by the council in four weeks on whether or not we terminate or not or some I would even no it would be eliminating the position yeah she would Outsource so you position um and then as far as the investigations we'll have two of them ongoing yes right that does not need to be discussed in public so we can talk ex session do we need to do a motion we need to do resolution else yeah we need um Jack we need to do a resolution to hire yes St so you want to that I can my [Music] hand hir two Consultants to investigate computer systems where both of the reports portray vulnerabilities in the system where then I think to review those reports and discuss our compliance with the J TI one in three checklists and whereas Joshua schler reviewed those two reports and summarized the vulnerabilities to the Bur system and also said that we would not qualify for tier one two or three in the GIF checklist and as a result are subject to [Music] $120,000 deductible sorry now therefore we resolve that H is retained on an emergency basis for a period not to receive three months and for an amount not to exceed $155,000 which may be increased later and being further resolved that the B will start competitive Contracting process in order to obain a permanent [Music] semi-permanent outside Consulting all right that'll be resolution 2488 so moved yeah so moved second okay uh we need a roll call on that yes Mr yes yes yes yes second one need resolution for um suspension well the motion would be that somebody would move to suspend your IP manager for four weeks without pay um based on the fact that last week he was F subord engaged in employes and may other reasons for is there may be other bases for that suspension you don't have the displ language in front of you so you can't take take those things off but ination second roll call Mr May yes Mr rth yes Mr yes Mr yes yes thank you um we don't have any correspondents want any un business any new business opening oh yeah we already talked about that 13 yeah okay I think it's 9:00 8:39 yeah I move to a oh yeah all right we have a second Open session so if anyone in the public would like to be heard please make sure you give your name and address and minutes might as well say a few things thank you for your attention Chris need you need to come um this is more u in terms of my professional role here my existing professional Ro um Josh knows what he's talking about and I thank him for all the time he's put into understanding what's going on he didn't say a single thing that I thought was incorrect or wrong or not relevant um there were some misrepresentations met made about uh the way the checklist was undertaken let me just say that if you're completing a checklist properly some of the answers may be no okay the checklist result is a result of undertaking a lot of operations to protect the cyber security of barel you don't simply complete it by checking box um plans need to be made and implemented in a responsible manner um ex said Joshua is good on everything we do have an EDR system an endpoint detection and resolution tool that is ready to deploy um I've known about it since last August um last summer or spring I applied for a grant to get four years of top-notch EDR software at a steeply discounted rate through NJ kick um at the time I was criticized for submitting this grant request without getting approval ahead of time when the grant request came through and I recommended that we uh buy this endpoint detection system for four years I got a lot of push back and whether or not we should do that eventually that was resolved we have this Pro level endpoint detection resolution system ready to deploy Josh Josh should know all about it um in the meantime we've been using an alternative that is serviceable and free and provides most of the functions of the endpoint and resolution um regarding the seriousness of sieges um information security he's absolutely right about all of this Bernville Police Department passed a seious audit by the New Jersey State Police earlier this year uh um cyber training has been underway since last August I knew that D2 security was going to be contracted by the GIF to provide cyber security training at no cost to all of the member municipalities so when I said training was coming I knew training was coming and I knew we wouldn't have to pay for it um let's seec we had a few Windows 7 machines in service not cool okay not cool um the important ones were in 24/7 line of use in a critical functionality in the com Center those have since been replaced it was a long process to make a secure machine based on Windows 10 that permitted us to implement requirements of the seious um rules like having everyone sign in under their own identity with multiactor authentication which is in place um good done thank you thank you anyone else wish to speak anybody up there all right I will close the public session now you can say I move toour to Executive session to consider personnel and we will not be coming out right have to come outen all right so thank you all for being here find you something swear