In the near future I will reintroduce Senate Bill 745 of last session which aimed at protecting our state’s information technology (IT). Cybersecurity attacks cost businesses and governments trillions of dollars every year. Often, governments consider security in terms of preventing ‘a PC’ from being infected. The reality is that attacks are becoming much more destructive and at a larger scale. It’s not uncommon to see attacks take down hundreds or thousands of machines in a single incident.

Right here within our own state government we have seen attacks and breaches across almost every agency, including the Department of Labor and Industry, Department of Human Services, Department of Education, and Department of Health.

In this environment, it’s critical to understand that every PC or printer purchase decision our state government makes should include cybersecurity as a critical procurement requirement and utilize best practices. The National Institute of Standards and Technology (NIST) guidelines consist of standards, guidelines, and best practices to manage cybersecurity-related risk. This is a flexible and cost-effective approach that helps to promote the protection and resilience of our IT. These standards have also been adopted by the U.S. Government in all of their IT procurements.

This legislation will require that any state government purchase of computer hardware shall meet NIST standards and best practices for computer security. Pennsylvania must demonstrate the capability to fight these adversaries who are perpetually launching cyberattacks and to do that, we must utilize the best tools and procedures that are on the market. 

Please join me in cosponsoring this important legislation.

Previous cosponsors were Senators Pennycuick, Costa, J. Ward, and Culver