Kansas 2023-2024 Regular Session

Kansas House Bill HB2019

Introduced

1/11/23

Refer

1/11/23

Report Pass

2/7/23

Engrossed

3/1/23

Refer

3/2/23

Report Pass

3/16/23

Enrolled

4/24/23

Passed

4/25/23

Caption

Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.

Impact

If enacted, HB2019 will amend various statutes to reinforce state expectations concerning information security and incident reporting. The bill enhances the Chief Information Security Officer's powers by requiring them to oversee compliance and reporting for state-agency technology projects. This could lead to a more coordinated and effective response to cybersecurity threats, potentially reducing vulnerability across state-operated platforms. Additionally, it necessitates agencies provide annual cybersecurity assessments, ensuring accountability and systematic improvements.

Summary

House Bill 2019 focuses on enhancing cybersecurity practices across Kansas government entities. The bill mandates that public agencies report significant cybersecurity incidents and establishes timeliness for notifications, including a 12-hour report requirement for discovered incidents. The legislation aims to improve the overall cybersecurity posture of state information systems by ensuring immediate transparency regarding breaches and incidents. Furthermore, it outlines specific corrective measures and training requirements for agency personnel on cybersecurity protocols.

Sentiment

The sentiment surrounding HB2019 appears supportive overall, particularly among proponents who stress the importance of safeguarding sensitive data against growing cyber threats. Legislators who support the bill argue it will fortify Kansas's defense against cyberattacks, thereby instilling public confidence in government operations. Conversely, some critics express concern regarding potential privacy issues and the effectiveness of rapid response protocols, fearing that such processes may not be sufficiently robust or prompt to avert significant damage in the event of an incident.

Contention

The main points of contention regarding HB2019 center around the balance between transparency and the management of sensitive data. Some stakeholders argue that immediate reporting could lead to breaches of privacy and possible misuse of information during investigations. Additionally, the correct implementation of these requirements poses administrative burdens on state agencies, particularly smaller departments that may lack the resources to effectively comply with stringent reporting and training mandates specified in the bill.

Latest HB2019 Activity

Companion Bills

No companion bills found.

Similar Bills

KS HB2077

Substitute for HB 2077 by the Committee on Appropriations - Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.

KS SB291

House Substitute for SB 291 by Committee on Legislative Modernization - Transferring all cybsersecurity services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, Kansas bureau of investigation, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards, requiring the information technology executive council to develop a plan to integrate executive branch information technology services under the executive chief information technology officer, making and concerning appropriations for the fiscal years ending June 30, 2025, and June 30, 2026, for the office of information technology, Kansas information security office and the adjutant general, authorizing certain transfers and imposing certain limitations and restrictions and directing or authorizing certain disbursements and procedures for all state agencies and requiring legislative review of state agencies not in compliance with this act.

KS HB2842

Transferring all information technology services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards, making and concerning appropriations for the fiscal years ending June 30, 2025, and June 30, 2026, for the office of information technology, Kansas information security office and the adjutant general, authorizing certain transfers and imposing certain limitations and restrictions, and directing or authorizing certain disbursements and procedures for all state agencies and requiring legislative review of state agencies not in compliance with this act.

FL H1511

Cybersecurity

PA HB883

In boards and offices, providing for information technology; establishing the Office of Information Technology and the Information Technology Fund; providing for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposing duties on the Office of Information Technology; providing for administration of Pennsylvania Statewide Radio Network; and imposing penalties.