Fall is time for the changing of the guard in flower beds and containers. As some summer flowers shout their last hurrah, others gradually fade into the background.

To fill in holes in the landscape, many nurseries and garden centers offer replacement plants such as mums, asters and pansies that will spruce up areas where summer plants have dwindled, said University of Missouri Extension horticulturist David Trinklein. Milder temperatures in late summer allow plants to convert more sugars into vibrant plant pigments that help them put on vivid displays of color.

To provide instant pop in the garden, Trinklein recommends plants with well-developed root systems in relatively large containers. It is too late in the growing season for small plants to produce masses of color. Avoid “clearance sale” plant material carried over from spring bedding plant sales. Flowers in small packs or containers are not good choices. They are likely to be root-bound and difficult to establish.

Mums, asters, pansies, violas and English daisies make good choices for fall color and usually are available in retail outlets during late summer, Trinklein said.

Many four-legged creatures across Kansas are more than pets. Along with serving with police departments, dogs work in facilities, as guide dogs and as service dogs.

A non-profit organization in Kansas helps train these animals who are sent nationwide to assist people.

“We train them to work with visually impaired and physically disabled people,” said Brook Pfizenmaier, a trainer who works with KSDS Assistance Dogs in Washington, Kansas. “They also go to schools.”

When Kai Bricker, 10, of Topeka visited the Kansas State Fair last week, he went up to Pfizenmaier and asked if he could pet Dove, a Labrador. Bricker’s grandmother is visually impaired and in need of a dog like Dove.

Kai and his family inquired as to how his grandmother might be able to acquire a service pet to help her navigate sidewalks, stairs and traffic.

KSDS is accredited by Assistance Dogs International and is a member of the International Breeding Cooperative and the North American Breeding Cooperative. All the organization’s placements are free. In addition, all KSDS dogs are provided free food and certain medications during their working life. Since its inception as the Kansas Specialty Dog Service in 1990, the organization has placed more than 600 dogs in 36 states, including Kansas.

Some dogs may need to stop working because they have health issues, like allergies or cataracts, or simply decide it is time to retire and become a pet.

KSDS’s mission is to provide professionally trained guide, service, and facility dogs for people in need of a canine partner to enhance their independence, to fully function in society, or to enrich professional career responsibilities.

“We mostly use labs and golden retrievers,” Pfizenmaier said.

KSDS has several official puppy raisers − volunteer individuals and families who provide a secure and loving home for dogs who will someday go to work. Usually, these families are given an 8-week-old animal, who was born and raised by their mother at KSDS. The puppy raiser provides the animals with basic obedience training and socialization.

When the dog turns four months old, it is given a special KSDS service dog cape, and sometime after it turns 1, it goes back to KSDS for formal training.

Dependent on needs and temperament, the dog is selected to train as a guide dog, service dog or institutional helper.

For companions like Kai’s grandmother, guide dogs help them navigate curbs, stairs and sidewalks. They also help their owners avoid overhanging obstacles. In addition, the animals are taught to follow the “find” command, showing their owners where tables, chairs and doors are.

Service dogs are taught to retrieve dropped items, pull wheelchairs and help brace people as they transfer from wheelchair to bed. They also assist in undressing, opening and closing doors and turning on lights.

Facility dogs are partnered with a working professional at a school, clinic, courthouse or nursing home. Their training is more emotionally oriented, as they are instructed to maintain appropriate social behavior.

After training, the animal is paired with a partner and they become a team, with the partner traveling up to Washington to train with the animal. The dogs are valued at about $25,000 and are given more than 1,000 hours of training plus veterinary care.

As reported in the Hutchinson News

After the state paid out up to $466 million in fraudulent unemployment benefits, an oversight council tasked with ironing out issues doesn’t know the status of correcting critical cybersecurity issues.

“I just don’t have a lot of confidence right now in the security of the system,” said Sen. Caryn Tyson, R-Parker, “and I’m afraid for Kansas citizens.”

Contractor FORVIS performed a cybersecurity audit, broken into a risk assessment report and a penetration testing report. The firm also performed a forensic audit of unemployment insurance, estimating up to $466 million in fraudulent payments.

The council released a redacted version of the penetration testing report this month. The risk assessment report hasn’t been publicly released. Officials said the risk assessment identified 31 recommendations, including six of a high priority, 11 medium and 14 low.

The agency didn’t disclose an update on any of the six high priority recommendations, telling lawmakers the information could only be discussed in secret. The medium and low priority items are a mix of completed, in progress, require additional funding or are a policy determined by the state’s technology office.

“It’s got to be noted that there are 206 vulnerabilities listed in this report, of which 43 of them are critical, 74 are high and 89 are medium,” said Rep. Sean Tarwater, R-Stilwell, in apparent reference to the confidential risk assessment report from April.

Tarwater chairs the Unemployment Compensation Modernization and Improvement Council, which keyed in on cybersecurity issues at the Kansas Department of Labor during a Sept. 19 meeting.

“This report has been out for months, and it is extremely disappointing that we are still vulnerable,” Tyson said. “We just received this,” Labor Secretary Amber Shultz said. “It hasn’t been several months; it’s been a couple of months.”

Officials said both cybersecurity reports were provided to the department in April — or five months ago. “I’m not going to put Band-Aids or more bubblegum on a system that already has its own issues,” Shultz said. “So we are being very diligent on what systems we are putting in to secure our overall systems.”

Some of the problems should be eliminated through a $41-plus million technology overhaul of the unemployment system, which is built around a 1970s-era mainframe that is a decade older than the videogame Tetris. However, Tata Consultancy Services is not expected to have the new cloud-based system until at least summer 2024.

“Certainly I don’t know that we want to sit vulnerable for another two years,” said council member Phil Hayes. “I completely agree with you,” Shultz said, “that we’re not going to be waiting 24 months to get these implemented. … We are going to secure our system with due diligence.”

In comparing KDOL to national technology and cybersecurity standards, “We were 78-100% fully or partially implemented” across five categories, Shultz said.

“It’s disconcerting that the percentage is 78-100%,” Tyson said. “On some items, I would like more detail, especially on the high priority items.”

That sentiment was bipartisan on the council and became a major theme of questioning.

Unsatisfied council members pressed the auditors and officials in Gov. Laura Kelly’s administration on how long it will take to implement fixes.

“What’s the timeframe moving forward to button up our house?” Hayes asked Jeff Maxon, the state’s chief information security officer.

“It’s hard to give an exact number and what that looks like,” Maxon said. “But it does depend on the finding, what type it is, if it’s a managerial finding, operational finding or technical finding. That does dictate how long it takes to necessarily remediate those. I will say technical does require usually funding and sometimes takes time; the operational and managerial can sometimes be quicker or longer, depending on what the finding is.”

Some fixes require a reconfiguration of existing systems. Others can be done through existing state contracts, while some require procurement of new systems or tools.

More money will be required to implement other fixes, which likely would not be available unless legislators put it in the budget next year or Kansas gets federal grants. Sen. Jeff Pittman, D-Leavenworth, said legislators “often don’t prioritize” cybersecurity resources.

Hayes again asked for an ETA or a target timeframe, which Maxon reiterated that it depends on the specific finding. Some issues may take one to six months, while others are 18-24 months.

Maxon said items that are more likely to be exploited get priority, regardless of their criticality. “We’re seeing (as a national trend) a lot of bad actors go back and actually targeting some of the lower priority stuff because they’re easier to exploit,” Maxon said.

Sen. Renee Erickson, R-Wichita, grew frustrated by the lack of specific answers to when security vulnerabilities will be fixed. She said that Kansans deserve concrete answers.

“We still can’t have open and transparent discussions with our reports because of ongoing issues,” Erickson said. “What I hear from all of this conversation — while Kansans are still sitting out there, we still have these issues — is it takes time and funding and it depends. It’s like trying to figure this out is like trying to nail Jell-O to the wall. To hear that it’s complicated and it’s a moving target, to me, it’s not acceptable.”

“Maybe it sounds smarmy and maybe it doesn’t sound solid,” Pittman said, “but just because something’s complicated doesn’t mean that things are being hidden.”

He urged to refer the reports to a separate committee tasked with IT security, on which Pittman serves as the top Democrat.

But Pittman also pressed at times for more concrete answers himself. He wanted to know the timeline for remediating a specific critical finding in the penetration report.

“When you see critical, that immediately makes our red flags go up and we want to know that it’s being fixed immediately,” Pittman said.

Ron Hulshizer, of the contractor FORVIS, did not have a specific answer, noting that “it varies not only in time, but in cost.” Pittman again pressed on timelines for the highest priority items. “I have not heard back about what those timelines may be,” said Dwayne Tucker, of FORVIS.

He explained that issues are rated based on probability and impact, but implementation decisions are made on a case-by-case basis as clients evaluate and mitigate issues based on their own internal situation.

“I guess the short answer is I don’t have a good timeline for you,” Tucker said. Hulshizer compared cybersecurity efforts to closing windows and doors.

“I feel like our doors and windows were open,” said Rep. Susan Estes, R-Wichita, and that “hundreds of millions of dollars walked out of our front door. Citing five separate findings in the risk assessment, she asked Shultz, “How were such important things overlooked?”

“Cybersecurity is so complicated that it’s never done,” Shultz said.

“Certainly some things were overlooked,” she continued. “But we were in the middle of a pandemic. We were getting just annihilated by fraud. And we were trying to stop the bleeding and try to get a multifactor authentication system on board. So all in all, I think that it’s a fair report. We’re doing what we can now to close those windows and doors and we won’t stop looking for those open windows and doors.”

While the entirety of the risk assessment remains confidential, the penetration report has been released with heavy redactions to the findings. “The whole report is pretty much redacted,” Tarwater said.

The Labor Department has contended such secrecy is necessary to prevent malicious actors from using public information to compromise the agency’s network. Kansas open records law allows the government to keep cybersecurity information confidential, including vulnerability assessments.

Council members asked for percentage to completion and target completion dates for each of the top priority items. Maxon said such tracking information should be available, at least confidentially, because of federal requirements.

Tarwater set another meeting for Oct. 5 with the intention of going through a redacted version of the risk assessment. He contends that KDOL has had enough time to address many of the 206 vulnerabilities.

“Everything that you have addressed so far can be unredacted at that point, because it’s no longer a vulnerability,” he said. “We need to know. That way we can be more transparent.”

As reported in the Topeka Capital Journal