04/19/2024 08:30 AM
Pennsylvania State Senate
https://www.legis.state.pa.us/cfdocs/Legis/CSM/showMemoPublic.cfm?chamber=S&SPick=20190&cosponId=27681

Senate Co-Sponsorship Memoranda


Senate of Pennsylvania
Session of 2019 - 2020 Regular Session

MEMORANDUM

Posted: January 11, 2019 04:28 PM
From: Senator Kristin Phillips-Hill and Sen. Ryan P. Aument
To: All Senate members
Subject: Strengthening State Government Cybersecurity and Consolidation of IT Services
 
In the near future, we plan to re-introduce House Bill 1704 which was also Senate Bill 914 from last session that consolidates administration and management of the commonwealth’s Information Technology (IT) under the Office of Information Technology (OIT). This legislation would address the problems the commonwealth has faced in handling IT projects across many Administrations and Agencies.

The failure of the Commonwealth in handling IT projects is abundantly clear in the State Police Radio project as well as the Unemployment Compensation (UC) Call Centers. Additionally, the Departments of Human Services, Corrections, and Education (Teacher Information Management System) all had data breaches which exposed the names and personal information of thousands of individuals, including citizens of this Commonwealth and state employees. These data breaches came on the heels of the cyber-attack that caused the Department of Human Services Bureau of Vital Statistics computer system for birth certificates and death certificates to go offline from June 20 until June 26 of 2018. This greatly impeded Pennsylvanians’ access to essential documents with absolutely no explanation. The state has mismanaged hundreds of millions of dollars while many projects remain incomplete. Too many times government is the last to respond to IT-related issues, which often results in wasting of taxpayer money.

Under the legislation, as passed by the House State Government Committee last session, OIT is given the broad necessary powers to consolidate and oversee all IT systems and contracts within the executive branch. These powers include:
  • Consolidation of all IT functions, powers, duties, infrastructure and support services in state agencies under the governor’s jurisdiction
  • Assist in the development and review the strategic plans of state agencies for handling IT
  • Identify and make recommendations on which services are common and can be shared throughout state government
  • Supervise and manage the procurement of all IT services
  • Serve as the liaison between state agencies and IT contractors
  • Establish standards and policies for IT procurement and cybersecurity
  • Establish and maintain a comprehensive IT Portal for all state agencies
  • Oversee and manage all state agency contracts regarding IT

In order to accomplish these duties, this legislation requires each agency’s chief IT employee and other associated staff to work under the office in their respective agency. These employees answer to the director who serves as the Commonwealth’s Chief Information Technology Officer. As part of the responsibility of overseeing the office, the director is also given broad powers concerning the state’s IT infrastructure. These include:
  • Developing a schedule for replacement or modification of IT systems
  • Requiring and reviewing IT reports from each state agency
  • Establishing standards adopted by the office for IT projects and IT standards
  • Develop biennial strategic plan for handling state government IT needs
  • Oversee and ensure each state agency has updated disaster recovery plans for IT
  • Approve or deny IT contracts based on the money available for the project
  • Require performance metrics be built into contracts to prevent projects from running over budget and behind schedule

As amended by the House State Government Committee the legislation includes House Bill 2610 from last session which requires contractors to use software to verify billable hours. This software is meant to reduce fraudulent charges, which is yet another mechanism to prevent wasteful spending on projects which can often run over budget.

Equally important to the IT consolidation within the bill are the improvements made to the commonwealth’s cybersecurity capabilities. As cyberattacks within the United States from hackers or hostile nations continue to increase, the commonwealth must begin to update our security. This bill requires all state agencies to adopt new cybersecurity standards created by the director which must, at least, match industry best practices. The director is also required to develop a two-year schedule to test the cybersecurity capabilities of all state agencies which are to be paid for by the respective agency. These cybersecurity audits/assessments are to be performed by a nationally recognized organization in the field of cybersecurity.

The bill also establishes a new committee on cybersecurity which is to be comprised of members of the House and Senate and their IT staffs. Additionally, the committee will include members of the administration, state row officers and the Administrative Office of the Pennsylvania Courts and their IT staff. This committee will meet quarterly to hear testimony on emerging threats and current policy. The committee will then issue an annual report which will include policy recommendations to the governor, House and Senate Leadership along with the Pennsylvania Court Administrator.

We must guard against and close potential points of entry for cyber attackers. Their disruptive actions shut down the progress of government, waste taxpayer time and money, and imperil the safety and security of every Pennsylvanian. Please join us and co-sponsor this comprehensive draft to consolidate and improve the commonwealth’s IT procurement and oversight while also improving our cybersecurity.



Introduced as SB810