Test Drive Our New Site! We have some improvements in the works that we're excited for you to experience. Click here to try our new, faster, mobile friendly beta site. We will be maintaining our current version of the site thru mid 2025, so you can switch back as our improvements continue.
Legislation Quick Search
12/01/2024 04:16 PM
Pennsylvania State Senate
https://www.legis.state.pa.us/cfdocs/Legis/CSM/showMemoPublic.cfm?chamber=S&SPick=20210&cosponId=33247
Share:
Home / Senate Co-Sponsorship Memoranda

Senate Co-Sponsorship Memoranda

Subscribe to PaLegis Notifications
NEW!

Subscribe to receive notifications of new Co-Sponsorship Memos circulated

By Member | By Date | Keyword Search


Senate of Pennsylvania
Session of 2021 - 2022 Regular Session

MEMORANDUM

Posted: December 8, 2020 09:56 AM
From: Senator Kristin Phillips-Hill and Sen. Ryan P. Aument
To: All Senate members
Subject: Strengthening State Government Cybersecurity and Consolidation of IT Services
 
In the near future, we plan to reintroduce Senate Bill 810 from last session that consolidates administration and management of the commonwealth’s Information Technology (IT) under the Office of Information Technology (OIT). This legislation would address the problems the commonwealth has faced in directing IT projects across many Administrations and Agencies.

The failure of the Commonwealth to competently manage IT projects is abundantly clear in the State Police Radio project as well as the Unemployment Compensation (UC) Call Centers. Additionally, the Departments of Human Services, Corrections, and Education (Teacher Information Management System) all had data breaches which exposed the names and personal information of thousands of individuals, including citizens of this Commonwealth and state employees. These data breaches came on the heels of the cyber-attack that caused the Department of Human Services Bureau of Vital Statistics computer system for birth certificates and death certificates to go offline from June 20 until June 26 of 2018. This greatly impeded Pennsylvanians access to essential documents with absolutely no explanation. The state has mismanaged hundreds of millions of dollars while many projects remain incomplete. Too many times government is the last to respond to IT related issues, which often results in wasting of taxpayer money.

Under the legislation, OIT is given the broad necessary powers to consolidate and oversee all IT systems and contracts within the executive branch. These powers include:
  • Consolidation of all IT functions, powers, duties, infrastructure and support services in state agencies under the governor’s jurisdiction
  • Assist in the development and review the strategic plans of state agencies for handling IT
  • Identify and make recommendations on which services are common and can be shared throughout state government
  • Supervise and manage the procurement of all IT services
  • Serve as the liaison between state agencies and IT contractors
  • Establish standards and policies for IT procurement and cybersecurity
  • Establish and maintain a comprehensive IT Portal for all state agencies
  • Oversee and manage all state agency contracts regarding IT

To accomplish these duties, this legislation requires each agency’s chief IT employee and other associated staff to work under the office in their respective agency. These employees answer to the director who serves as the Commonwealth’s Chief Information Technology Officer. As part of the responsibility of overseeing the office, the director is also given broad powers concerning the state’s IT infrastructure. These include:
  • Developing a schedule for replacement or modification of IT systems
  • Requiring and reviewing IT reports from each state agency
  • Establishing standards adopted by the office for IT projects and IT standards
  • Developing a biennial strategic plan for handling state government IT needs
  • Overseeing and ensuring each state agency has updated disaster recovery plans for IT
  • Approving or denying IT contracts based on the money available for the project
Equally important to the IT consolidation within the bill, are the improvements made to the commonwealth’s cybersecurity capabilities. As cyber attacks within the United States from hackers or hostile nations continue to increase, the commonwealth must begin to update our security. This bill requires all state agencies to adopt new cybersecurity standards created by the director which must, at least, match industry best practices. The director is also required to develop a two year schedule to test the cybersecurity capabilities of all state agencies which are to be paid for by the respective agency. These cybersecurity audits/assessments are to be performed by a nationally recognized organization in the field of cybersecurity.

The bill also establishes a new committee on cybersecurity which is to be comprised of members of the House and Senate and their IT staffs. Additionally, the committee will include members of the administration, state row officers and the Administrative Office of the Pennsylvania Courts and their IT staff. This committee will meet quarterly to hear testimony on emerging threats and current policy. The committee will then issue an annual report which will include policy recommendations to the governor, House and Senate Leadership along with the Pennsylvania Court Administrator.

We must guard against and close potential points of entry for cyber attackers. Their disruptive actions shut down the progress of government, waste taxpayer time and money, and imperil the safety and security of every Pennsylvanian. Please join us and co-sponsor this comprehensive draft to consolidate and improve the commonwealth’s IT procurement and oversight while also improving our cybersecurity.

Previous co-sponsors of this legislation include Senators Mensch, Baker, K. Ward, J. Ward, Browne, Regan, and Stefano.
 




Introduced as SB482


Memo Updated: December 8, 2020 09:57 AM