See other bills
under the
same topic
PRINTER'S NO. 39
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No.
32
Session of
2017
INTRODUCED BY THOMAS, SIMS AND V. BROWN, JANUARY 23, 2017
REFERRED TO COMMITTEE ON COMMERCE, JANUARY 23, 2017
AN ACT
Amending the act of April 9, 1929 (P.L.177, No.175), entitled
"An act providing for and reorganizing the conduct of the
executive and administrative work of the Commonwealth by the
Executive Department thereof and the administrative
departments, boards, commissions, and officers thereof,
including the boards of trustees of State Normal Schools, or
Teachers Colleges; abolishing, creating, reorganizing or
authorizing the reorganization of certain administrative
departments, boards, and commissions; defining the powers and
duties of the Governor and other executive and administrative
officers, and of the several administrative departments,
boards, commissions, and officers; fixing the salaries of the
Governor, Lieutenant Governor, and certain other executive
and administrative officers; providing for the appointment of
certain administrative officers, and of all deputies and
other assistants and employes in certain departments, boards,
and commissions; and prescribing the manner in which the
number and compensation of the deputies and all other
assistants and employes of certain departments, boards and
commissions shall be determined," in organization of
departmental administrative boards and commissions and of
advisory boards and commissions, providing for Cybersecurity
Innovation and Excellence Commission.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. The act of April 9, 1929 (P.L.177, No.175), known
as The Administrative Code of 1929, is amended by adding a
section to read:
Section 480. Cybersecurity Innovation and Excellence
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Commission.--(a) There is hereby established the Cybersecurity
Innovation and Excellence Commission. The Office of
Administration shall provide staff, space, equipment and
supplies for the commission to discharge its duties.
(b) The commission shall consist of the following members:
(1) One member of the Senate to be appointed by the
President pro tempore.
(2) One member of the House of Representatives to be
appointed by the Speaker of the House.
(3) The Secretary of Community and Economic Development or
the secretary's designee.
(4) The Secretary of Labor and Industry or the secretary's
designee.
(5) The Director of the Pennsylvania Emergency Management
Agency or the director's designee.
(6) The following members appointed by the Governor:
(i) Five representatives of cybersecurity companies located
in this Commonwealth, with at least three representing
cybersecurity companies with fifty employes or less.
(ii) Three representatives of Statewide or regional business
associations.
(iii) Four representatives of institutions of higher
education located in this Commonwealth.
(iv) One representative of a crime victims organization.
(v) Three representatives of industries that may be
susceptible to attacks on cybersecurity.
(vi) One representative of an organization that has
expertise in electronic health care records.
(c) The Governor shall appoint, to serve at his pleasure, a
Cybersecurity Coordinator. The Senate shall confirm the
20170HB0032PN0039 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
appointment, and the Cybersecurity Coordinator shall serve a
term of four years. The Cybersecurity Coordinator shall be
removable only for cause. The Cybersecurity Coordinator shall
serve as the director of the Cybersecurity Innovation and
Excellence Commission and shall be responsible for carrying out
the powers and duties of the office.
(d) The Governor also shall invite the following
representatives of Federal agencies to serve on the commission:
(1) The Director of the National Institute for Standards and
Technology or the director's designee.
(2) The Secretary of Defense or the secretary's designee.
(3) The Director of the National Security Agency or the
director's designee.
(4) The Secretary of Homeland Security or the secretary's
designee.
(5) The Director of the Defense Information Systems Agency
or the director's designee.
(6) The Director of the Intelligence Advanced Research
Projects Activity or the director's designee.
(e) The members appointed by the presiding officers of the
General Assembly shall cochair the commission.
(f) A member of the commission may not receive compensation
for his services but shall be reimbursed for all actual and
necessary expenses incurred in the discharge of his duties.
(g) The commission shall establish a framework to coordinate
the activities, outcomes and informative references of the
information technology offices and bureaus across all
Commonwealth offices and agencies. In developing this framework,
the office shall focus on those cybersecurity attributes that
are common to all Commonwealth offices and agencies. The office
20170HB0032PN0039 - 3 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
shall assess on an ongoing basis the best practices of other
state governments regarding cybersecurity. The office shall
establish a Statewide system of protocols with respect to the
following:
(1) Regularly scheduled system audits.
(2) Authentication methods.
(3) Automated indicator sharing.
(4) Conformity assessment.
(5) Cybersecurity work force needs.
(6) Data analytics.
(7) Alignment with Federal agency cybersecurity protocols.
(8) Potential alignment with international cybersecurity
protocols.
(9) Supply chain risk management.
(10) Technical privacy standards.
Section 2. This act shall take effect in 60 days.
20170HB0032PN0039 - 4 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16