See other bills
under the
same topic
PRINTER'S NO. 195
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No.
225
Session of
2019
INTRODUCED BY KENYATTA, JANUARY 28, 2019
REFERRED TO COMMITTEE ON COMMERCE, JANUARY 28, 2019
AN ACT
Amending the act of April 9, 1929 (P.L.177, No.175), entitled,
as amended, "An act providing for and reorganizing the
conduct of the executive and administrative work of the
Commonwealth by the Executive Department thereof and the
administrative departments, boards, commissions, and officers
thereof, including the boards of trustees of State Normal
Schools, or Teachers Colleges; abolishing, creating,
reorganizing or authorizing the reorganization of certain
administrative departments, boards, and commissions; defining
the powers and duties of the Governor and other executive and
administrative officers, and of the several administrative
departments, boards, commissions, and officers; fixing the
salaries of the Governor, Lieutenant Governor, and certain
other executive and administrative officers; providing for
the appointment of certain administrative officers, and of
all deputies and other assistants and employes in certain
departments, boards, and commissions; providing for judicial
administration; and prescribing the manner in which the
number and compensation of the deputies and all other
assistants and employes of certain departments, boards and
commissions shall be determined," in organization of
departmental administrative boards and commissions and of
advisory boards and commissions, providing for Cybersecurity
Innovation Commission.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. The act of April 9, 1929 (P.L.177, No.175), known
as The Administrative Code of 1929, is amended by adding a
section to read:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Section 480. Cybersecurity Innovation Commission.--(a)
There is hereby established the Cybersecurity Innovation
Commission. The Office of Administration shall provide staff,
space, equipment and supplies for the commission to discharge
its duties.
(b) The commission shall consist of the following members:
(1) One member of the Senate to be appointed by the
President pro tempore.
(2) One member of the House of Representatives to be
appointed by the Speaker of the House.
(3) The Secretary of Community and Economic Development or
the secretary's designee.
(4) The Secretary of Labor and Industry or the secretary's
designee.
(5) The Director of the Pennsylvania Emergency Management
Agency or the director's designee.
(6) The following members appointed by the Governor:
(i) Five representatives of cybersecurity companies located
in this Commonwealth, with at least three representing
cybersecurity companies with fifty employes or less.
(ii) Three representatives of Statewide or regional business
associations.
(iii) Four representatives of institutions of higher
education located in this Commonwealth.
(iv) One representative of a crime victims organization.
(v) Three representatives of industries that may be
susceptible to attacks on cybersecurity.
(vi) One representative of an organization that has
expertise in electronic health care records.
(c) The Governor shall appoint, to serve at his pleasure, a
20190HB0225PN0195 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Cybersecurity Coordinator. The Senate shall confirm the
appointment, and the Cybersecurity Coordinator shall serve a
term of four years. The Cybersecurity Coordinator shall be
removable only for cause. The Cybersecurity Coordinator shall
serve as the director of the Cybersecurity Innovation Commission
and shall be responsible for carrying out the powers and duties
of the office.
(d) The Governor also shall invite the following
representatives of Federal agencies to serve on the commission:
(1) The Director of the National Institute of Standards and
Technology or the director's designee.
(2) The Secretary of Defense or the secretary's designee.
(3) The Director of the National Security Agency or the
director's designee.
(4) The Secretary of Homeland Security or the secretary's
designee.
(5) The Director of the Defense Information Systems Agency
or the director's designee.
(6) The Director of the Intelligence Advanced Research
Projects Activity or the director's designee.
(e) The members appointed by the presiding officers of the
General Assembly shall cochair the commission.
(f) A member of the commission may not receive compensation
for his services but shall be reimbursed for all actual and
necessary expenses incurred in the discharge of his duties.
(g) The commission shall establish a framework to coordinate
the activities, outcomes and informative references of the
information technology offices and bureaus across all
Commonwealth offices and agencies. In developing this framework,
the office shall focus on those cybersecurity attributes that
20190HB0225PN0195 - 3 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
are common to all Commonwealth offices and agencies. The office
shall assess on an ongoing basis the best practices of other
state governments regarding cybersecurity. The office shall
establish a Statewide system of protocols with respect to the
following:
(1) Regularly scheduled system audits.
(2) Authentication methods.
(3) Automated indicator sharing.
(4) Conformity assessment.
(5) Cybersecurity work force needs.
(6) Data analytics.
(7) Alignment with Federal agency cybersecurity protocols.
(8) Potential alignment with international cybersecurity
protocols.
(9) Supply chain risk management.
(10) Technical privacy standards.
Section 2. This act shall take effect in 60 days.
20190HB0225PN0195 - 4 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17