PRINTER'S NO. 2825
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL No. 2009
Session of 2019
INTRODUCED BY KENYATTA, OCTOBER 30, 2019
REFERRED TO COMMITTEE ON COMMERCE, OCTOBER 30, 2019
AN ACT
Amending the act of April 9, 1929 (P.L.177, No.175), entitled
"An act providing for and reorganizing the conduct of the
executive and administrative work of the Commonwealth by the
Executive Department thereof and the administrative
departments, boards, commissions, and officers thereof,
including the boards of trustees of State Normal Schools, or
Teachers Colleges; abolishing, creating, reorganizing or
authorizing the reorganization of certain administrative
departments, boards, and commissions; defining the powers and
duties of the Governor and other executive and administrative
officers, and of the several administrative departments,
boards, commissions, and officers; fixing the salaries of the
Governor, Lieutenant Governor, and certain other executive
and administrative officers; providing for the appointment of
certain administrative officers, and of all deputies and
other assistants and employes in certain departments, boards,
and commissions; providing for judicial administration; and
prescribing the manner in which the number and compensation
of the deputies and all other assistants and employes of
certain departments, boards and commissions shall be
determined," in organization of departmental administrative
boards and commissions and of advisory boards and
commissions, providing for Cybersecurity Coordination Board.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. The act of April 9, 1929 (P.L.177, No.175), known
as The Administrative Code of 1929, is amended by adding a
section to read:
Section 480. Cybersecurity Coordination Board.--(a) There
is hereby established the Cybersecurity Coordination Board
within the Office of Administration. The Cybersecurity
Coordination Board shall collect, study and share information
about data privacy and cybersecurity issues and initiatives and
provide advice to the Governor with respect to developing
uniform cybersecurity techniques, standards, policies,
procedures and best practices. The Cybersecurity Coordination
Board shall coordinate efforts with Federal, State and local
government agencies, academic institutions and the private
sector to promote effective cybersecurity measures for the
benefit of the residents, businesses, government entities and
other entities within this Commonwealth.
(b) The Cybersecurity Coordination Board shall consist of
the following members:
(1) One member of the Senate to be appointed by the
President pro tempore.
(2) One member of the Senate to be appointed by the Minority
Leader of the Senate.
(3) One member of the House of Representatives to be
appointed by the Speaker of the House of Representatives.
(4) One member of the House of Representatives to be
appointed by the Minority Leader of the House of
Representatives.
(5) The Secretary of Community and Economic Development or a
cybersecurity subject matter expert designated by the secretary.
(6) The Secretary of Labor and Industry or a cybersecurity
subject matter expert designated by the secretary.
(7) The Director of the Pennsylvania Emergency Management
Agency or a cybersecurity subject matter expert designated by
the director.
20190HB2009PN2825 - 2 -
(8) The Secretary of Banking and Securities or a
cybersecurity subject matter expert designated by the secretary.
(9) The Commonwealth's Chief Information Security Officer
under the Office of Administration.
(10) The Commonwealth's Chief Privacy Officer.
(11) The Secretary of Corrections or a cybersecurity subject
matter expert designated by the secretary.
(12) The Secretary of Transportation or a cybersecurity
subject matter expert designated by the secretary.
(13) The Secretary of Revenue or a cybersecurity subject
matter expert designated by the secretary.
(14) The Secretary of Administration or a cybersecurity
subject matter expert designated by the secretary.
(15) The Secretary of Human Services or a cybersecurity
subject matter expert designated by the secretary.
(16) The Secretary of Education or a cybersecurity subject
matter expert designated by the secretary.
(17) The Secretary of State or a cybersecurity subject
matter expert designated by the secretary.
(18) The Secretary of Health or a cybersecurity subject
matter expert designated by the secretary.
(19) The Commissioner of the Pennsylvania State Police or a
cybersecurity subject matter expert designated by the
commissioner.
(20) The Adjutant General of the Department of Military and
Veterans Affairs or a cybersecurity subject matter expert
designated by the Adjutant General.
(21) The Director of the Governor's Office of Homeland
Security or cybersecurity subject matter expert designated by
the director.
(22) The Executive Director of the County Commissioners
Association of Pennsylvania or a cybersecurity subject matter
expert designated by the executive director.
(23) The Executive Director for the Pennsylvania Municipal
League or a cybersecurity subject matter expert designated by
the executive director.
(24) The Executive Director for the Pennsylvania State
Association of Township Supervisors or a cybersecurity subject
matter expert designated by the executive director.
(25) The Executive Director for the Pennsylvania State
Association of Boroughs or a cybersecurity subject matter expert
designated by the executive director.
(26) The Executive Director for the Pennsylvania State
Association of Township Commissioners or a cybersecurity subject
matter expert designated by the executive director.
(27) The President of the Pennsylvania Association of
Intermediate Units or a cybersecurity subject matter expert
designated by the president.
(28) The Chancellor of the State System of Higher Education
or a cybersecurity subject matter expert designated by the
chancellor.
(c) The Cybersecurity Coordination Board shall also include
three cybersecurity subject matter experts from private sector
industries that shall be nominated by the Cybersecurity
Coordinator and appointed by and serve at the pleasure of the
Governor.
(d) The Governor shall invite the following representatives
of Federal agencies to serve as advisory members to the
Cybersecurity Coordination Board:
(1) The United States Secretary of Defense or the
secretary's designee.
(2) The United States Secretary of Homeland Security or the
secretary's designee.
(3) The director of the National Institute of Standards and
Technology or a designee.
(4) The Director of the Defense Information Systems Agency
or the director's designee.
(5) The Director of the Intelligence Advanced Research
Projects Activity or the director's designee.
(6) The Director of the Federal Bureau of Investigation or
the director's designee.
(e) The Office of Administration shall acquire staff, office
space, office equipment and supplies and obtain the services of
cybersecurity subject matter experts to assist the Cybersecurity
Coordination Board in fulfilling its duties under this section.
(f) The Chief Information Security Officer of the Office of
Administration shall serve as Cybersecurity Coordinator to the
Cybersecurity Coordination Board. The Cybersecurity Coordinator
shall serve as the director and secretary of the Cybersecurity
Coordination Board and shall be responsible for carrying out the
duties of the Cybersecurity Coordination Board. The
Cybersecurity Coordinator shall make the final determination as
to any action or inaction the Cybersecurity Coordination Board
shall take, including any advice or information to be given to
the Governor. The Cybersecurity Coordinator shall rely on
support from the Office of Administration's designated staff and
the Office of Administration's Office of Chief Counsel in the
furtherance of the Cybersecurity Coordination Board fulfilling
its duties under this section.
(g) (1) The Cybersecurity Coordination Board shall meet no
less than four times a year to review and assess cybersecurity
and privacy topics, including risks, protective measures, laws,
regulations, governances, technologies, standards and best
practices that affect the Federal, State, county and local
governments, international government, businesses and other
entities. Additional meetings shall be at the discretion of the
Cybersecurity Coordinator.
(2) The Cybersecurity Coordination Board may establish
committees, as needed, to formulate recommended positions or
actions.
(3) The Cybersecurity Coordination Board shall provide the
Governor an annual report summarizing the Cybersecurity
Coordination Board's findings and assessments. The report shall
include an overview of the privacy and cybersecurity landscape,
changes since the prior report, issues and risks affecting the
protection of information, recommendations to resolve and
mitigate the issues and risks and any other relevant information
deemed appropriate by the Cybersecurity Coordination Board with
respect to privacy and cybersecurity. The report shall be
confidential and exempt from disclosure as provided under
paragraph (4).
(4) Deliberations, documentation, records and all work of
the Cybersecurity Coordination Board and its committees,
including any actions or reports of the Cybersecurity
Coordination Board, shall be confidential and shall be exempt
from the requirements of the following:
(i) 65 Pa.C.S. Ch. 7 (relating to open meetings).
(ii) The act of February 14, 2008 (P.L.6, No.3), known as
the "Right-to-Know Law."
(h) Members shall serve without compensation except for
payment of necessary and actual expenses incurred in attending
meetings and in performing their duties and responsibilities as
members.
(i) Cybersecurity Coordination Board or committee members,
including advisory members, shall not use their position to sell
products or services to the Commonwealth or benefit financially
or enable their immediate family members or employers to benefit
financially, whether directly or indirectly, from Commonwealth
initiatives that result from recommendations or advice provided
by the Cybersecurity Coordination Board under this section.
Section 2. This act shall take effect in 60 days.