The House State Government Committee approved Tuesday legislation that aims to improve cybersecurity protections for Pennsylvania.
The bill, House Bill 1704, would further empower the Office of Information Technology (OIT). It would ensure that Pennsylvania’s cybersecurity standards at least match industry standards, require more frequent testing of our security systems and create a committee that would meet quarterly to evaluate emerging cyber threats. The bill also grants the OIT director additional elements of financial oversight.
“When I first took office, it was obvious our cybersecurity systems were in dire need of updating,” Rep. Kristin Phillips-Hill (R-York), one of the primary sponsors of the bill, said. “Three years later, little has changed, as evidenced by the recent security breaches at the Department of Health, Bureau of Vital Statistics, Department of Corrections, and Department of Education that exposed Pennsylvanians’ personal information and left part of the Legislature (the Senate Democrat Caucus) unable to conduct business for more than a month. We are seriously underestimating the damage cyberattacks could inflict.”
The bill was amended in committee to include House Bill 2610, which would require state agencies to negotiate in IT contracts that vendors only receive payment for verified billable hours.
“Amending my House Bill 2610 into this already comprehensive bill serves to further guard residents’ vital information but also protects taxpayers’ dollars,” Reps. Seth Grove (R-York), who sponsored Bill 2610, said. “During the past two years, we have seen disturbing examples of contracts running late and well over cost. In some cases, such as the State Police Radio Network contract and the Department of Labor and Industry’s Unemployment Call Center contract; the state never received a working product after spending hundreds of millions of taxpayers’ dollars.”
House Bill 1704 now goes to the full House for consideration.