Provides for registration with secretary of state by managed service providers servicing public bodies. (See Act) (EN +$48,000 GF EX See Note)
The law imposes a requirement for MSPs and MSSPs to report any cyber incidents or ransomware payments to the Louisiana Fusion Center within specific timeframes. This aligns with efforts to improve the state's cybersecurity framework by ensuring swift reporting and response to incidents that compromise the security of public bodies. Additionally, the bill introduces exceptions to public records laws regarding the details of certain cyber incidents, which could enhance the confidentiality of sensitive information but raises concerns about transparency.
Senate Bill 273 (SB273) introduces regulations for managed service providers (MSPs) and managed security service providers (MSSPs) that offer services to public bodies in Louisiana. The bill mandates a formal registration process with the Secretary of State for any provider managing a public body’s information technology systems. One of the primary goals of the bill is to ensure that public bodies can access reliable information about their service providers and enhance the security of their operations, particularly regarding cybersecurity threats and incidents.
The sentiment surrounding SB273 appears to be generally supportive among legislators, especially those invested in cybersecurity and information technology governance. The bill has received unanimous support in voting, reflecting a collective agreement on the necessity of establishing stronger controls over cybersecurity for public organizations. However, there are potential concerns among advocates for transparency about the exceptions made regarding public records, which could limit public oversight.
One point of contention noted during discussions relates to the implications of restricting public access to information about cyber incidents and the financial transactions related to ransomware. Stakeholders and advocacy groups express concern that while protecting sensitive data is crucial, it should not come at the expense of public accountability. Overall, SB273 is a significant step towards formalizing cybersecurity measures for public bodies, balancing the need for security with the imperatives of public trust.