Posted: December 8, 2020 09:56 AM
From: Senator Kristin Phillips-Hill and Sen. Ryan P. Aument
To: All Senate members
Subject: Strengthening State Government Cybersecurity and Consolidation of IT Services

In the near future, we plan to reintroduce Senate Bill 810 from last session that consolidates administration and management of the commonwealth’s Information Technology (IT) under the Office of Information Technology (OIT). This legislation would address the problems the commonwealth has faced in directing IT projects across many Administrations and Agencies.
The failure of the Commonwealth to competently manage IT projects is abundantly clear in the State Police Radio project as well as the Unemployment Compensation (UC) Call Centers. Additionally, the Departments of Human Services, Corrections, and Education (Teacher Information Management System) all had data breaches which exposed the names and personal information of thousands of individuals, including citizens of this Commonwealth and state employees. These data breaches came on the heels of the cyber-attack that caused the Department of Human Services Bureau of Vital Statistics computer system for birth certificates and death certificates to go offline from June 20 until June 26 of 2018. This greatly impeded Pennsylvanians’ access to essential documents with absolutely no explanation. The state has mismanaged hundreds of millions of dollars while many projects remain incomplete. Too many times government is the last to respond to IT-related issues, which often results in wasting of taxpayer money.
Under the legislation, OIT is given the broad necessary powers to consolidate and oversee all IT systems and contracts within the executive branch. These powers include:
To accomplish these duties, this legislation requires each agency’s chief IT employee and other associated staff to work under the office in their respective agency. These employees answer to the director who serves as the Commonwealth’s Chief Information Technology Officer. As part of the responsibility of overseeing the office, the director is also given broad powers concerning the state’s IT infrastructure. These include:
The bill also establishes a new committee on cybersecurity which is to be comprised of members of the House and Senate and their IT staffs. Additionally, the committee will include members of the administration, state row officers and the Administrative Office of the Pennsylvania Courts and their IT staff. This committee will meet quarterly to hear testimony on emerging threats and current policy. The committee will then issue an annual report which will include policy recommendations to the governor, House and Senate Leadership along with the Pennsylvania Court Administrator.
We must guard against and close potential points of entry for cyber attackers. Their disruptive actions shut down the progress of government, waste taxpayer time and money, and imperil the safety and security of every Pennsylvanian. Please join us and co-sponsor this comprehensive draft to consolidate and improve the commonwealth’s IT procurement and oversight while also improving our cybersecurity.
Previous co-sponsors of this legislation include Senators Mensch, Baker, K. Ward, J. Ward, Browne, Regan, and Stefano.
Introduced as SB482