IL
Illinois Senate Bill SB1740

Illinois 2023-2024 Regular Session

Illinois Senate Bill SB1740 Compare Versions

Only one version of the bill is available at this time.
OldNewDifferences
11 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1740 Introduced 2/9/2023, by Sen. Steve Stadelman SYNOPSIS AS INTRODUCED: New Act Creates the Ransomware Attack Act. Provides that a governmental unit (the State, a unit of local government, or any other subdivision of the State) may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the Governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Illinois Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack. Requires a governmental unit to report a ransomware attack to the Department of Innovation and Technology no later than 24 hours after discovering the attack, and requires the Department of Innovation and Technology to adopt rules to implement reporting requirements. Limits the current exercise of home rule powers. Effective immediately. LRB103 28322 AWJ 54701 b A BILL FOR 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1740 Introduced 2/9/2023, by Sen. Steve Stadelman SYNOPSIS AS INTRODUCED: New Act New Act Creates the Ransomware Attack Act. Provides that a governmental unit (the State, a unit of local government, or any other subdivision of the State) may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the Governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Illinois Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack. Requires a governmental unit to report a ransomware attack to the Department of Innovation and Technology no later than 24 hours after discovering the attack, and requires the Department of Innovation and Technology to adopt rules to implement reporting requirements. Limits the current exercise of home rule powers. Effective immediately. LRB103 28322 AWJ 54701 b LRB103 28322 AWJ 54701 b A BILL FOR
22 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1740 Introduced 2/9/2023, by Sen. Steve Stadelman SYNOPSIS AS INTRODUCED:
33 New Act New Act
44 New Act
55 Creates the Ransomware Attack Act. Provides that a governmental unit (the State, a unit of local government, or any other subdivision of the State) may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the Governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Illinois Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack. Requires a governmental unit to report a ransomware attack to the Department of Innovation and Technology no later than 24 hours after discovering the attack, and requires the Department of Innovation and Technology to adopt rules to implement reporting requirements. Limits the current exercise of home rule powers. Effective immediately.
66 LRB103 28322 AWJ 54701 b LRB103 28322 AWJ 54701 b
77 LRB103 28322 AWJ 54701 b
88 A BILL FOR
99 SB1740LRB103 28322 AWJ 54701 b SB1740 LRB103 28322 AWJ 54701 b
1010 SB1740 LRB103 28322 AWJ 54701 b
1111 1 AN ACT concerning government.
1212 2 Be it enacted by the People of the State of Illinois,
1313 3 represented in the General Assembly:
1414 4 Section 1. Short title. This Act may be cited as the
1515 5 Ransomware Attack Act.
1616 6 Section 5. Definitions. As used in this Act:
1717 7 "Governmental unit" means an agency of the State, a unit
1818 8 of local government, or any other subdivision of the State.
1919 9 "Ransomware" means malware that prevents or limits a user
2020 10 from accessing the user's computer system by locking the
2121 11 user's files until a ransom is paid.
2222 12 Section 10. Payments due to ransomware prohibited;
2323 13 Governor-approved payments.
2424 14 (a) Except as provided in subsection (b), a governmental
2525 15 unit may not use any public funds to pay any person or entity
2626 16 to recover its computer system after a ransomware attack.
2727 17 (b) If the governor makes a proclamation that a ransomware
2828 18 attack against a governmental unit is a disaster under the
2929 19 Illinois Emergency Management Agency Act and, in the
3030 20 proclamation, authorizes the governmental unit to make a
3131 21 payment to recover its computer system following the
3232 22 ransomware attack, then the governmental unit may make any
3333
3434
3535
3636 103RD GENERAL ASSEMBLY State of Illinois 2023 and 2024 SB1740 Introduced 2/9/2023, by Sen. Steve Stadelman SYNOPSIS AS INTRODUCED:
3737 New Act New Act
3838 New Act
3939 Creates the Ransomware Attack Act. Provides that a governmental unit (the State, a unit of local government, or any other subdivision of the State) may not use any public funds to pay any person or entity to recover its computer system after a ransomware attack unless the Governor first makes a proclamation that the ransomware attack against the governmental unit is a disaster under the Illinois Emergency Management Agency Act and, in the proclamation, authorizes the governmental unit to make a payment to recover its computer system following the ransomware attack. Requires a governmental unit to report a ransomware attack to the Department of Innovation and Technology no later than 24 hours after discovering the attack, and requires the Department of Innovation and Technology to adopt rules to implement reporting requirements. Limits the current exercise of home rule powers. Effective immediately.
4040 LRB103 28322 AWJ 54701 b LRB103 28322 AWJ 54701 b
4141 LRB103 28322 AWJ 54701 b
4242 A BILL FOR
4343
4444
4545
4646
4747
4848 New Act
4949
5050
5151
5252 LRB103 28322 AWJ 54701 b
5353
5454
5555
5656
5757
5858
5959
6060
6161
6262 SB1740 LRB103 28322 AWJ 54701 b
6363
6464
6565 SB1740- 2 -LRB103 28322 AWJ 54701 b SB1740 - 2 - LRB103 28322 AWJ 54701 b
6666 SB1740 - 2 - LRB103 28322 AWJ 54701 b
6767 1 payment needed using public funds to end the ransomware
6868 2 attack.
6969 3 Section 15. Reports of ransomware attacks; rules. A
7070 4 governmental unit must report a ransomware attack to the
7171 5 Department of Innovation and Technology no later than 24 hours
7272 6 after discovering the attack. The Department of Innovation and
7373 7 Technology shall adopt rules to implement reporting
7474 8 requirements under this Section.
7575 9 Section 90. Home rule. A home rule unit may not authorize
7676 10 payment for ransomware in a manner inconsistent with this Act.
7777 11 This Act is a limitation under subsection (i) of Section 6 of
7878 12 Article VII of the Illinois Constitution on the concurrent
7979 13 exercise by home rule units of powers and functions exercised
8080 14 by the State.
8181 15 Section 99. Effective date. This Act takes effect upon
8282 16 becoming law.
8383
8484
8585
8686
8787
8888 SB1740 - 2 - LRB103 28322 AWJ 54701 b