Posted: December 21, 2016 12:48 PM
From: Representative W. Curtis Thomas
To: All House members
Subject: Cybersecurity Innovation and Excellence Commission

In the near future, I plan to introduce legislation that would establish a Cybersecurity Innovation and Excellence Commission to create a more centralized model for cybersecurity policy and implementation in Pennsylvania.
Currently, the Governor’s Office of Administration manages the cybersecurity for all Executive Branch agencies, and each branch of Pennsylvania’s government addresses, manages and implements cybersecurity efforts and protocols separately. Each of these branches should be commended for their dedication and diligence in protecting from cyberattacks the personal information that is regularly collected and stored as part of the work of the entities and their programs.
Consider for a moment how many documents and applications are collected by the Judicial Branch, the Legislative Branch (House, Senate, Capitol Preservation Committee, Chief Clerks in the House and Senate, etc.), and the myriad documents collected by the Commonwealth Agencies, which can vary from personal income tax, to retirement systems and driver’s licensing. I would hazard that among the various branches and agencies, there are millions of pieces of personal information being held electronically at the state level alone.
My proposed legislation would create a system to centralize and streamline cybersecurity measures across all of the Commonwealth agencies and branches. It is based on the Maryland Commission on Cybersecurity and Innovation Excellence, which that state authorized in 2011. My legislation would amend the Administrative Code of 1929 (P.L. 177, No. 175) to establish a Commission in Pennsylvania.
The Commission complement would include: one member each from the Senate and House; the Secretary (or secretary’s designee) from the Departments of Community and Economic Development and Labor and Industry; the director of the Pennsylvania Emergency Management Agency; and to be appointed by the Governor: five representatives of Pennsylvania cybersecurity companies, three representatives from statewide or regional business associations, four representatives of Pennsylvania institutions of higher education, one representative of a crime victims organization, three representatives from industries that may be susceptible to attacks on cybersecurity and one representative of an organization with expertise in electronic health care records.
The Governor would appoint, and the Senate would confirm, a Cybersecurity Coordinator who will serve a 4-year term. Additionally, the Governor may invite a representative of a number of federal agencies to serve on the commission.
The Commission’s role, at a minimum, is to establish a framework to coordinate the activities, outcomes and informative references of information technology offices and bureaus across all Commonwealth offices and agencies, as well as establishing protocols for regularly scheduled audits, authentication methods, cybersecurity workforce needs and technical privacy concerns.
The outcome would be a centralized model for cybersecurity policy and implementation with the ability to not only recommend a comprehensive framework and strategic plan for cybersecurity innovation and excellence, but also a plan for recovery should there be a cyber attack. This legislation is one more step toward protecting all Pennsylvanians.
Please join me in co-sponsoring this legislation.
(Formerly HB1909 of the 2015-16 Legislative Session)
Introduced as HB32