This bill amends several sections of the Code of West Virginia to enhance the state's cybersecurity program and clarify the responsibilities of the Chief Information Security Officer (CISO). It establishes the West Virginia Cybersecurity Office, which will be led by the CISO and is tasked with setting cybersecurity standards and managing the cybersecurity framework for state agencies. The bill specifies that the provisions apply to all state agencies, with certain exemptions, and introduces new definitions related to cybersecurity, including "cybersecurity program review" and "user." It also outlines the powers and duties of the CISO, including the development of policies, procedures, and standards for an enterprise cybersecurity program, as well as the establishment of minimum training requirements for users of state networks.

Additionally, the bill modifies the responsibilities of information custodians, requiring them to participate in annual cybersecurity program reviews and adhere to established cybersecurity standards. It exempts certain sensitive information from public disclosure to protect the state's technology infrastructure and mandates that the CISO report annually on the status of the cybersecurity program to the Joint Committee on Government and Finance and the Governor. The bill aims to strengthen the state's cybersecurity posture and ensure that all relevant entities are equipped to manage cyber risks effectively.

Statutes affected:
Introduced Version: 5A-6B-1, 5A-6B-2, 5A-6B-3, 5A-6B-4, 5A-6B-5, 5A-6B-6