In the near future, I will introduce legislation to strengthen and enhance our state’s information technology (IT) systems and cybersecurity.
The failure of the Commonwealth to competently manage IT projects is abundantly clear in the State Police Radio project as well as the Unemployment Compensation (UC) Call Centers. Additionally, the Departments of Human Services, Corrections, and Education (Teacher Information Management System) all had data breaches that exposed the names and personal information of thousands of individuals, including citizens of this Commonwealth and state employees. These data breaches came on the heels of the cyberattack that caused the Department of Human Services Bureau of Vital Statistics computer system for birth certificates and death certificates to go offline from June 20 through June 26 of 2018. This greatly impeded Pennsylvanians’ access to essential documents with no explanation. More recently, the Department of Labor and Industry experienced a “bank hijacking” scheme where unemployment claimants had money stolen from their accounts. This “hijacking” lasted months before it was discovered. Too many times, government is the last to respond to IT-related issues, which often results in wasted taxpayer money.
As cyberattacks within the United States from hackers or hostile nations continue to increase, Pennsylvania state government must begin to update its security. This bill requires all state agencies to adopt new cybersecurity standards created by the director, which must at least match industry best practices. The state CIO is also required to develop a two-year schedule to test the cybersecurity capabilities of all state agencies, with the tests to be paid for by the respective agency. These cybersecurity audits/assessments are to be performed by a nationally recognized organization in the field of cybersecurity.
The bill also establishes a new committee on cybersecurity which is to be comprised of members of the House and Senate and its IT staff members. Additionally, the committee will include members of the administration, state row officers and the Administrative Office of the Pennsylvania Courts and its IT staff. This committee will meet quarterly to hear testimony on emerging threats and current policy. The committee will then issue an annual report which will include policy recommendations to the governor, House and Senate leadership along with the Pennsylvania Court Administrator.
We must guard against and close potential points of entry for cyber attackers. Their disruptive actions shut down the progress of government, waste taxpayer time and money, and imperil the safety and security of every Pennsylvanian. 
Please join me in cosponsoring this important legislation. 
Statutes/Laws affected: Printer's No. 0321: