House Substitute for SB 291 by Committee on Legislative Modernization - Transferring all cybsersecurity services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, Kansas bureau of investigation, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards, requiring the information technology executive council to develop a plan to integrate executive branch information technology services under the executive chief information technology officer, making and concerning appropriations for the fiscal years ending June 30, 2025, and June 30, 2026, for the office of information technology, Kansas information security office and the adjutant general, authorizing certain transfers and imposing certain limitations and restrictions and directing or authorizing certain disbursements and procedures for all state agencies and requiring legislative review of state agencies not in compliance with this act.
Impact
The legislation is expected to transform state laws concerning cybersecurity practices within government agencies. By formalizing the roles of CISOs and establishing centralized protocols, SB291 aims to mitigate risks associated with data breaches and unauthorized access to sensitive information. Agencies will have to adhere to the new standards, potentially shifting how they allocate resources toward cybersecurity initiatives and impacting existing state statutes related to data governance and privacy.
Summary
Senate Bill 291, known as the Kansas Cybersecurity Act, mandates a comprehensive approach to cybersecurity within state government agencies. It establishes the position of Chief Information Security Officers (CISOs) across the judicial and legislative branches and designates responsibilities for implementing standardized cybersecurity measures. The bill underscores the necessity for all state agencies to adhere to certain cybersecurity protocols and outlines requirements for annual training and compliance assessments. The intent is to bolster the state's defense against cyber threats and secure sensitive information managed by governmental bodies.
Sentiment
The sentiment surrounding SB291 is largely supportive among lawmakers, as it addresses growing concerns regarding cybersecurity threats and data protection. Proponents view the legislation as a proactive measure that will enhance the security posture of state agencies while ensuring compliance with modern cybersecurity standards. However, there are murmurs of concern regarding the implementation costs and the feasibility of the mandated training and assessment requirements, with some arguing it could strain smaller agencies.
Contention
Notable points of contention include debates about the resources required for effective implementation and ongoing training mandated by the bill. Some legislators express concern about the balance between cybersecurity measures and operational flexibility within agencies. Additionally, the confidentiality of audit results generated under this act raises issues around accountability and transparency in government practices, as it limits public access to potentially relevant information regarding cybersecurity failings within agencies.
Transferring all information technology services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards, making and concerning appropriations for the fiscal years ending June 30, 2025, and June 30, 2026, for the office of information technology, Kansas information security office and the adjutant general, authorizing certain transfers and imposing certain limitations and restrictions, and directing or authorizing certain disbursements and procedures for all state agencies and requiring legislative review of state agencies not in compliance with this act.
Authorizing the chief information security officer to receive audit reports and updating statutes related to services provided by the chief information technology officer.
Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.
Removing the expiration of provisions relating to moving cybersecurity services under the chief information technology officer of each branch of government.
Substitute for HB 2077 by the Committee on Appropriations - Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.
Transferring all information technology services under the chief information technology officer of each branch of government, creating chief information security officers within the judicial and legislative branches, requiring a chief information security officer to be appointed by the attorney general, secretary of state, state treasurer and insurance commissioner and requiring the chief information security officers to implement certain minimum cybersecurity standards, making and concerning appropriations for the fiscal years ending June 30, 2025, and June 30, 2026, for the office of information technology, Kansas information security office and the adjutant general, authorizing certain transfers and imposing certain limitations and restrictions, and directing or authorizing certain disbursements and procedures for all state agencies and requiring legislative review of state agencies not in compliance with this act.
Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.
Substitute for HB 2077 by the Committee on Appropriations - Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.
Removing the expiration of provisions relating to moving cybersecurity services under the chief information technology officer of each branch of government.
In boards and offices, providing for information technology; establishing the Office of Information Technology and the Information Technology Fund; providing for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposing duties on the Office of Information Technology; providing for administration of Pennsylvania Statewide Radio Network; and imposing penalties.
In boards and offices, providing for information technology; establishing the Office of Information Technology and the Information Technology Fund; providing for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee; imposing duties on the Office of Information Technology; providing for administration of Pennsylvania Statewide Radio Network; and imposing penalties.
Senate Substitute for Substitute for HB 2060 by Committee on Local Government, Transparency and Ethics - Providing for the treatment of the reimbursement for expenses incurred for travel and activities in attending conferences or events by certain specified nonprofit organizations and discounted or free access to entertainment, sporting events or other activities.