Cybersecurity Legislation 2017

12/29/2017

Cybersecurity is a growing concern for government and the private sector. It has enormous implications for government security, economic prosperity and public safety.

States are addressing cybersecurity through various initiatives, such as providing more funding for improved security measures, requiring government agencies or businesses to implement specific types of security practices, increasing penalties for computer crimes, addressing threats to critical infrastructure, and more.

2017 Introductions: At least 42 states introduced more than 240 bills or resolutions related to cybersecurity. Some of the key areas of legislative activity include: 

  • Improving government security practices.
  • Creating commissions, task forces and studies.
  • Providing funding for cybersecurity programs and initiatives.
  • Targeting computer crimes.
  • Restricting public disclosure of sensitive security information.
  • Promoting workforce, training, economic development:.

2017 Cybersecurity Legislation

21 states have 1-5 disasters, 20 states have 6-10 disasters and 8 states have 11 or more disasters AL AK AZ AR CA CO CT DC DE FL GA HI IL IN IA KS KY LA ME MA MD MI MN MS MO MT NE NV NH NJ NM NY NC ND OH OK OR PA RI SC SD TN TX UT VA WA WV WI WY VT ID PR AS GU MP VI

LEGEND:

Enacted

Adopted

Introduced

No legislation

Powered By StateNet

2017 Enactments: At least 28 states enacted legislation in 2017 (as indicated by bill status in bold below).

NOTE: Please check individual legislative websites for the most current status, summaries and versions of bill text.

StateNet logoLexis Nexis Terms and Conditions

2017 Cybersecurity Legislation

Alabama

H.R. 88
Status: Adopted
Urges protection of the nation's electric power grid from dynamic cyber threats.

H.J.R. 89
Status: Failed - adjourned.
Urges protection of the nation's electric power grid from dynamic cyber threat.

Arkansas

H.B. 1311
Status: Enacted, Act 169
Concerns the emergency powers of the bank commissioner, relates to cyberattacks and cybersecurity breaches.

S.B. 466             
Status: Failed
Provides for the Department of Information Systems general improvement appropriation.

S.B. 493             
Status: Failed
Amends the definition of the offense of computer fraud to include extortion using ransomware.

Arizona

H.B. 2451          
Status: Failed
Relates to government, relates to passwords, relates to data encryption.

S.B. 1219           
Status: Failed - adjourned.
Relates to automatic voter registration, relates to database, relates to public agencies.

California

A.B. 276             
Status: Pending
Requests the Regents of the University of California, the Chancellor's Office of the California state University, the Chancellor's Office of the California Community Colleges and independent higher education institutions to complete a report that evaluates the state of cybersecurity education and training programs, and to determine the extent to which the state is meeting the workforce needs of the cybersecurity industry.

A.B. 364             
Status: Pending             
Requires the governor's Office of Business and Economic Development to complete a study that would evaluate the economic impact of California's cybersecurity industry.

A.B. 405             
Status: Pending             
Authorizes the Board of Governors of the California Community Colleges to establish a statewide baccalaureate degree cybersecurity pilot program at not more than 10 community college districts.

A.B. 475
Status: Enacted, Chapter 193
Amends existing law that requires state agencies to report to the department a summary of its actual and projected information technology and telecommunications costs and to report to the department a summary of its actual and projected information security costs. Requires that both of these summaries be submitted on or before a specified calendar date each year. 

A.B. 650             
Status: Pending             
Requires the Director of Technology to develop, tailor, and subsequently review and revise baseline security controls for the state based on emerging industry standards and baseline security controls published by the National Institute of Standards and Technology. Requires that the director's annual performance report also assess and measure the state's progress toward developing, tailoring, and complying with the state baseline security controls.

A.B. 1186          
Status: Pending             
Declares the intent of the Legislature to enact legislation relating to cybersecurity.

A.B. 1306          
Status: Vetoed by Governor.            
Establishes in statute the California Cybersecurity Integration Center (CaI-CSIC) within the Office of Emergency Services to develop a cybersecurity strategy for California in coordination with the Cybersecurity Task Force. Requires that the Department of Technology be included in the cyber attack response portion of the state Emergency Plan.

A.B. 1359          
Status: Pending             
Requires a critical infrastructure business that experiences a breach of security and is required by federal law to disclose that breach to also disclose to the Office of Emergency Services in a form specified by the Office.

S.B. 327             
Status: Pending 
Requires a manufacturer that sells or offers to sell any device, sensor, or other physical object that is capable of connecting to the Internet, directly or indirectly, or to another connected device, to equip the device with certain security features that protect it from unauthorized access, destruction, use, modification, or disclosure, and to design the device to indicate when it is collecting information and to obtain consumer consent before it collects or transmits information.

Colorado

H.B. 1069          
Status: Failed - adjourned.             
Concerns the creation of a subcommittee to address information security, charges the subcommittee to consider strategies for protecting data and other information resources of the state against unauthorized access, disclosure, use, modification, or destruction.

S.B. 40
Status: Enacted, Chap. 286
Concerns public access to government files with details of security arrangements or investigations or the physical and cyber assets of critical infrastructure.

S.B. 196
Status: Enacted, Chap. 61
Concerns the improvement of the Department of Law's information technology security.

S.B. 304             
Status: Enacted, Chap. 252
C
oncerns the authority of the Joint Technology Committee; regards data privacy and cybersecurity within state agencies, and may coordinate with the Colorado cybersecurity council.

Connecticut

H.B. 5974          
Status: Failed
Concerns computer extortion, establishes the crime of computer extortion.

H.B. 6439          
Status: Failed
Concerns ransomware, defines ransomware and make it a crime to knowingly install ransomware on a computer.

H.B. 7221
Status: Enacted, Public Act No, 17-211.
Concerns access to water planning information; provides access to information that is needed for water planning purposes while adhering to prudent security considerations. Makes confidential cybersecurity plans and measures, supervisory control and data acquisition systems, information and communications systems, system access codes and specifications, vulnerability assessments, internal security audits, security manuals, security training or security reports.

H.B. 7304          
Status: Enacted, Public Act No, 17-223.             
Concerns computer extortion by use of ransomware, establishes the crime of computer extortion by the use of ransomware.

Delaware

H.B. 180
Status: Enacted, Chap. 129
Amends Chapter 12B of Title 6 to update Delaware's law regarding computer security breaches by doing the following; creates a requirement that any person who conducts business in Delaware and maintains personal information must safeguard that information; updates the definition of breach of security by including the unauthorized access, use, modification, or disclosure of personal information and the information that is included in the definition of personal information

Florida

H.B. 501            
Status: Enacted, Chap. 2017-109.
Relates to public records and meetings, information technology and postsecondary education institutions, creates an exemption from public records requirements for certain records held by a state university or Florida College System institution which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents, creates an exemption from public records requirements for certain portions of risk assessments, evaluations, audits, and other reports of a university's information technology security program.

H.B. 2891          
Status: Failed             
Provides an appropriation for cybersecurity skills training.

H.B. 5301          
Status: Vetoed by governor.
Relates to state agency information technology reorganization, creates Office of Technology and Data Solutions within Department of Management Services (DMS), terminates Agency for state Technology, transfers agency powers, duties, records, offices, contracts, and funds to office, provides powers, duties, and functions of office, transfers state data center from agency to Department of Management Services (DMS), revises state data center duties, creates state Cybersecurity Task Force.

S.B. 110             
Status: Failed             
Relates to public records and public meetings, creates an exemption from public records requirements for certain records held by a state university or Florida College System institution which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents, creates an exemption from public records requirements for certain portions of risk assessments, evaluations, audits, and other reports of a university or institution.

Georgia

H.B. 44
Status: Enacted, Act 37
Makes and provides appropriations for the operation of the state government and its departments, boards, bureaus, commissions, institutions, and other agencies, including for cyber insurance premiums and cyber terrorism.

S.R. 318        
Status: Pending  - Carryover
Creates the Senate Cyber Challenge Study Committee.

S.R. 454        
Status: Pending - Carryover      
Creates the Senate Cyber Security Education Study Committee.

Hawaii

H.B. 598            
Status: Pending - Carryover                
Authorizes the University of Hawaii to participate in and contribute funding for activities related to the development of a Hawaii cyber ecosystem and other related aspects of cyber security.

H.B. 1089 
Status: Pending - Carryover
Provides that the state of Hawaii, as a strategic location in the Pacific, have all information necessary to guard against those who would do harm to the country and to the state; provides that the Hawaii state Fusion Center be fully staffed and supported; adds the fusion center as a program under the existing Office of Homeland Security; establishes the position of director of the fusion center who shall be responsible to the Director of Homeland Security and accountable to manage the day-to-day operations of the center.

S.B. 955             
Status: Pending - Carryover              
Relates to homeland security, adds the fusion center as a program under the existing Office of Homeland Security, establishes the position of director of the fusion center who shall be responsible to the director of homeland security and accountable to manage the day-to-day operations of the fusion center.

Iowa

H.B. 366            
Status: Pending - Carryover      
Provides for state employee cyber security briefings for certain travel outside the country.

H.B. 445
Status: Enacted
Relates to the confidentiality of information relating to cyber security and critical infrastructure, relates to the authority of utilities to make temporary rate changes.

H.B. 558
Status: Pending - Carryover
Designates a chief technology officer and a chief information security officer for the state. The chief technology officer shall have responsibility for enterprise technology strategy, including information technology services, information technology platforms, information architecture, system integration, and technology innovation. The chief information security officer shall have responsibility for enterprise information security, including information technology continuity of operations and disaster recovery, information security awareness, information security policy and standards, and information security monitoring and oversight.

H.B. 601
Status:  Enacted.
Provides for the confidentiality of certain cyber security and critical infrastructure information developed and maintained by a government body, relates to information and records concerning physical infrastructure, cyber security, critical infrastructure, security procedures, or emergency preparedness developed, and maintained, or held by by a government body for the protection of life or property.

HSB 76
Status: Pending - Carryover. 
Provides for confidentiality of infrastructure information and records relating to the safeguarding of critical infrastructure systems such as telecommunications, electric, water, sanitary sewage, storm water drainage, energy, hazardous liquid, and natural gas, held by the department and the utilities board confidential from public disclosure. This includes “cyber security information”, defined in the bill as including but not limited to information relating to cyber security defenses, threats, attacks, or general attempts to attack cyber system operations.

HSB 185
Status: Pending - Carryover    
Provides for the confidentiality of certain cyber security and critical infrastructure information developed and maintained by a government body.

S.B. 417             
Status: Failed 
Relates to public utilities and other infrastructure, includes the confidentiality of certain information relating to cyber security or critical infrastructure, the authority of utilities to make temporary rate changes, and presiding officers at public information meetings held for electric transmission line franchise petitions.

SSB 1045 
Status: Pending - Carryover. 
Provides for confidentiality of infrastructure information and records relating to the safeguarding of critical infrastructure systems such as telecommunications, electric, water, sanitary sewage, storm water drainage, energy, hazardous liquid, and natural gas, held by the department and the utilities board confidential from public disclosure. This includes “cyber security information”, defined in the bill as including but not limited to information relating to cyber security defenses, threats, attacks, or general attempts to attack cyber system operations.

Idaho

E.O. 2      
Presents findings of the Idaho Cybersecurity Cabinet Task Force.

Illinois

H.B. 2371          
Status: Enacted, Public Act. No. 40.
Amends the Data Security on state Computers Act, requires certain state employees to annually undergo training by the Department of Innovation and Technology concerning cybersecurity, allows the department to make the training an online course, requires the training to include detecting phishing scams, preventing spyware infections and identity theft, and preventing and responding to data breaches, allows the department to adopt rules to implement the program.

H.B. 3158          
Status: Pending
Requires public water utilities operating in this state to file annually to the Commerce Commission a report analyzing the risk and vulnerability of the state's water supply to cyber attack, specifies the information to be provided in the report, requires the reports to be submitted to the Commission by a specified date of each year, and for the Commission to post the reports on its publicly accessible website, allows the Commission to adopt rules to implement.

H.B. 3737          
Status: Pending             
Creates the Government Cybersecurity Review Act, creates the Division of Cybersecurity Inspection within the Department of Innovation and Technology, provides that the Division shall review all websites operated by certain state agencies to determine whether cybersecurity flaws and data breach risks exist, provides that, if the Division finds that a flaw or data breach risk exists, the Division may issue an order to the state agency to cease operation of the website until certain requirements are met.

HJR 27
Status: Pending             
Creates the Cybersecurity Task Force to study the status, progress, and future of cybersecurity.

HJR 59
Status: Pending
Creates the International Cybersecurity Task Force within the Commerce Commission to review the Joint Analysis Report from the U.S. Department of Homeland Security and the Federal Bureau of Investigation dated December 29, 2016 and entitled Grizzly Steppe - Russian Malicious Cyber Activity and develop strategies to either implement or reject the report recommendations; makes changes to who is to appoint to Co-Chair of the Task Force and to the membership of the committees.

Indiana

H.B. 1001
Status: Enacted, Public Law 217-2017
Provides for the state biennial budget, provides for capital expenditures, health funds, state owned buildings, an open data hub, higher education appropriations, gaming integrity fund appropriations, a law enforcement academy fund, biosciences research grants, airline funding, military retirement and survivor's benefit income tax deductions, venture capital investment tax credits, highway funds, the fish and wildlife fund, hospital and health facility quality assessment fees and other matters.

H.B. 1318
Status: Enacted, Public Law 148-2017
Relates to insurance, provides that a United States Postal Service intelligent mail bar code tracking record or certificate of mailing to be used as proof of mailing, requires a resident insurance producer to complete at least twenty-four hours of credit in continuing education courses.

Kansas

S.B. 86
Status: Sent to Governor. (Provisions related to disclosure of cybersecurity threats were amended out of final version.)
Relates to Kansas Open Records Act and openness in government.

S.B. 204             
Status: Pending             
Enacts the Kansas cybersecurity act.

Louisiana

HCR 121
Status: Adopted.
Requests the office of technology services to perform a risk assessment of the state's information technology infrastructure.

Massachusetts

H.B. 2668          
Status: Pending             
Relates to legislation to provide procurement preference to vendors that carry cybersecurity insurance.

H.B. 2813          
Status: Pending             
Relates to the security of personal financial information.

H.B. 2814          
Status: Pending             
Relates to amending certain statutes pertaining to data security breaches and calling for an investigation by a special commission on cybersecurity to assess the various threats across the Commonwealth.

H.B. 3365          
Status: Pending             
Establishes a task force to study the need for increased cyber security within government agencies.

H.B. 3731
Status: Enacted; Chapter 64
Reorganizes the information technology function to improve data security, safeguard privacy, and promote better service delivery

S.B. 149             
Status: Pending             
Relates to the security of personal financial information.

S.B. 2060
Status: Pending
Relates to forming a special senate committee to review and make recommendations for the state to improve its cyber security readiness, enhance technological responses to homeland security and public safety threats, and further protect financial, medical and other sensitive information.

S.B. 2076
Status: Pending
Makes appropriations for the Fiscal Year 2018 for the maintenance of the departments, boards, commissions, institutions, and certain activities, including an initiative to promote and expand the cybersecurity sector in the state.

S.D. 2187
Status: Pending
Establishes a Special Senate committee on cyber security readiness.

S.B. 2091
Status: Pending
Submits the majority report on the Governor's Reorganization Plan Number 2 of 2017, an act to reorganize the information technology function of the Commonwealth and to improve data security, safeguard privacy, and promote better service delivery.

Maryland

H.B. 150
Status: Enacted, Chap. 150
Makes the proposed appropriations contained in the state Budget.

E.O. 22
Delegates the responsibility to maintain and improve a cybersecurity plan for State Government to the Director of Homeland Security or the Director's designee. Provides that the Cybersecurity Plan improve the processes and procedures designed to shield State Government from Cyber-hazards, and to manage and minimize the consequences of such Cyber-hazards. A draft Cybersecurity Plan is subject to review or revision by the Governor and shall be presented to the Governor by the end of May 2018.

H.B. 340            
Status: Failed.
Prohibits the creation of or unauthorized introduction into a computer, computer system, or computer network of unauthorized software designed to restrict access or use by an authorized user for the purpose of extorting money, property, or anything of value from another, establishes that a violation is a felony with up to 10 years imprisonment and up to a $10,000 fine, provides that a person who has suffered a specified injury because of a specified violation may bring a civil action in a specified court.

H.B. 347            
Status: Failed 
Expands the authorized uses of the Cybersecurity Investment Fund and the Enterprise Fund within the Maryland Technology Development Corporation to include authorizing specified companies to use funding received from the Fund to assist in the repayment of higher education loans owed by employees of the company who meet specified income limits.

H.B. 378            
Status: Failed - Adjourned
Alters the eligibility criteria under the cybersecurity investment incentive tax credit to provide the credit to a specified qualified investor in a specified qualified Maryland cybersecurity company, extends the termination date of the credit.

H.B. 435            
Status: Failed 
Requires specified state and local governmental units to secure by encryption specified personal information of an individual that the unit has collected in computerized form.

S.B. 170             
Status: Failed - Adjourned
Makes the proposed appropriations contained in the state Budget for the fiscal year ending June 30, 2018, in accordance with Article III, Section 52 of the Maryland Constitution.

S.B. 286             
Status: Failed - Adjourned
Requires that the statewide information technology master plan developed by the Secretary of Information Technology include a cybersecurity framework, requires that the Secretary consider materials developed by the National Institute of Standards and Technology in developing or modifying the cybersecurity framework.

S.B. 318             
Status: Failed - Adjourned
Alters the eligibility criteria for the cybersecurity investment incentive tax credit to provide the credit to a certain qualified investor in a certain qualified state cybersecurity company rather than providing the credit to the company, alters the definition of "company" to include an entity that becomes duly organized and existing under certain laws and for a certain purpose within a certain time period, provides for the recapture of the credit under certain circumstances.

S.B. 405             
Status: Failed 
Prohibits the creation of or unauthorized introduction into a computer, computer system, or computer network of unauthorized software designed to restrict access or use by an authorized user for the purpose of extorting money, property, or anything of value from another, establishes that a violation is a felony with up to 10 years imprisonment and up to a $10,000 fine, provides that a person who has suffered a specified injury because of a specified violation may bring a civil action in a specified court.

S.B. 525             
Status: Failed - Adjourned
Requires a specified business, when destroying an employee's or a former employee's records that contain specified personal information of the employee or former employee, to take specified steps to protect against unauthorized access to or use of the information, alters the circumstances under which a specified business that owns, licenses, or maintains computerized data that includes specified personal information must conduct a specified investigation and notify specified persons of a specified breach.

Maine

H.B. 743            
Status: Failed.
This resolve directs the Commissioner of Administrative and Financial Services to convene a cybersecurity commission.

LR 1393              
Status: Failed - adjourned.  
Establishes a cybersecurity commission.

Michigan

H.B. 4313
Status: Enacted, Chap. 108
Amends the school aid act of 1979; provides or a school of excellence that is a cyber school, as defined, and a pupil's participation in the cyber school's educational program is considered regular daily attendance; provides for a district or public school academy, a pupil's participation in a virtual course as defined is considered regular daily attendance.

H.B. 4323

Status: Enacted, Act. No. 107
Appropriates funds for cyber security staffing, hardware, and support costs. Requires the department to identify specific outcomes and performance measures, including, but not limited to, the following: (a) Reduce the number of cyber threats based on the daily attacks to prevent data breaches during the fiscal year ending September 30, 2018. (b) Reduce the risk of cyber vulnerabilities for application, data, and network during the fiscal year ending September 30, 2018. (c) Increase awareness of cyber threats and the preventative steps for citizens, businesses, and employees during the fiscal year ending September 30, 2018. Provides that the department shall maintain the staffing and resources necessary to support the cyber section, including the Michigan cyber command center, the computer crimes unit, and the internet crimes against children task force.

H.B. 4368          
Status: Pending             
Provides for omnibus budget bill.

H.B. 4369          
Status: Pending             
Provides for omnibus appropriations for school aid, higher education and community colleges.

H.B. 4508          
Status: Signed by Governor. Chapter 132.             
Creates Michigan cyber civilian corps.

H.B. 4697
Status: Pending
Expands the definition of disaster to include a cybersecurity incident.

H.B. 4973
Status: Pending
Exempts public body records, documents or information disclosable under freedom of information act, including cybersecurity plans, assessments or vulnerabilities.

S.B. 149
Status: Pending
Relates to the school aid appropriations budget, including providing for cyber schools and for grants to school districts for expanded opportunities to improve computer science skills in grades 6 to 12 by participating in cybersecurity competitive events.

S.B. 217             
Status: Pending             
Provides omnibus appropriations or school aid, higher education and community colleges.

S.B. 218             
Status: Pending             
Provides omnibus executive recommendation bill.

S.B. 632
Status: Pending
Adds a section to the Management and Budget Act to create a Cybersecurity Council and outlines council membership and duties. 

S.B. 633
Status: Pending
Adds a section to the Management and Budget Act to create a Cybersecurity Council and outlines council membership and duties. 

Minnesota

H.B. 691            
Status: Pending  - Carryover       
Relates to state government, requires monthly reports related to the employee gainsharing system, appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, councils, retirement funds, military affairs, and veterans affairs, cancels and reduces of certain appropriations, requires a base budget report, establishing districting principles, establishes the Legislative Budget Office.

H.B. 1080          
Status: Pending  - Carryover            
Relates to state government, changes provisions governing state government operations and military veterans policy, appropriates money.

H.B. 1896          
Status: Pending  - Carryover    
Relates to state government, establishes a Legislative Commission on Cyber Security, provides legislative appointments.

H.B. 2298          
Status: Pending  - Carryover    
Relates to state government, establishes a Legislative Commission to Review Consolidation of the state's Information Technology, requires a report. Provides that the commission may close a meeting when necessary to safeguard the state's cyber security.

H.B. S 1 a
Status: Enacted, Chap. 4
Relates to the operation of state government; appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, Appropriates funds to the Office of MN.IT Services, and provides that the state chief information officer must prioritize the use of appropriations provided to enhance cybersecurity across state government.

S.B. 605             
Status: Vetoed by governor            
Relates to the operation of state government, appropriates money for the legislature, governor's office, state auditor, attorney general, secretary of state, certain agencies, boards, councils, retirement funds, provides for cancellation of certain appropriations, precludes agencies from transferring money to the governor's office for services, constrains the state auditor's use of funds for litigation expenses.

S.B. 798             
Status: Pending  - Carryover  
Relates to state government, changes provisions governing state government operations and military veterans policy, appropriates money.

S.B. 1251           
Status: Pending  - Carryover      
Relates to state government, establishes a Legislative Commission on Cyber Security, provides legislative appointments.

S.B. 1709           
Status: Pending  - Carryover    
Relates to state government, establishes a Legislative Commission to Review Consolidation of the state's Information Technology, requires a report.

Missouri

H.B. 741            
Status: Failed - Adjourned.            
Specifies that commercial insurers are exempt from filing rates and policy forms with respect to certain lines of commercial insurance, relates to rates and policy forms rates and policy forms for a single commercial policy holder exceed a specified amount and the commercial policyholder employs a full-time risk manager or has retained a licensed insurance producer to negotiate on its behalf or sold as a stand-alone policy, provides for temporary reinstate for a limited time the requirements.

S.B. 386             
Status: Failed - Adjourned.           
Exempts certain types of commercial insurance lines from filing requirements with respect to rates and policy forms.

Mississippi

H.B. 999
Status: Enacted, Chap. 316
Establishes the enterprise security program, provides for the coordinated oversight of the cybersecurity efforts across all state agencies, requires the Department of Information Technology Services to provide centralized management and coordination of state policies for the security of data and information technology resources, prescribes the responsibilities of MDITS with regard to administering the provisions of the program, prescribes the responsibilities of each state agency's executive director.

H.B. 1570          
Status: Failed
Authorizes the governing authorities of the city of Biloxi, Mississippi, to establish a nonprofit, community based corporation to be known as Biloxi Biometrics and Cybersecurity Center, Inc., authorizes such authorities to acquire, purchase and/or construct a biometrics and nanotechnology research and development center, creates a public-private partnership with private for-profit and nonprofit research and development firms and institutions.

Montana

E.O. 12
Concerns an amendment to executive order creating the Montana Information Security Council.

Nebraska

L 247  
Status: Pending - Carryover.
Provides for school district levy and bonding authority for cybersecurity.

Nevada

A.B. 325             
Status: Failed.        
Creates the Task Force on the Modernization of state Government.

A.B. 471             
Status: Enacted, Chap. 307          
Creates the Nevada Office of Cyber Defense Coordination within the Department of Public Safety; provides for the powers and duties of the office; requires the Nevada Commission on Homeland Security to consider a certain report of the office when performing certain duties; provides for the confidentiality of certain information concerning cybersecurity; requires certain state agencies to comply with the provisions of regulations adopted by the office.

S.B. 200             
Status: Enacted, Chap. 597          
Requires certain pupils to receive instruction in computer education and technology, authorizes a pupil to apply credit received for certain courses in computer science to fulfill requirements for graduation from high school, admission to college and eligibility for the Millennium Scholarship, requires the Advisory Council on Science, Technology, Engineering and Mathematics to appoint a subcommittee on computer science to make recommendations concerning instruction in computer education and technology.

S.B. 395             
Status: Failed
Makes various changes relating to the cybersecurity of critical infrastructure.

New Hampshire

H.B. 25               
Status: Enacted, Chap. 2017-228           
Makes appropriations for capital improvements for the biennium and extends certain lapse dates for previous appropriations, makes appropriations for capital improvements.

New Jersey

A.B. 2265         
Status: Pending             
Creates New Jersey Cybersecurity Commission, appropriates funds.

A.B. 2800          
Status: Pending             
Directs the state Treasurer to establish state Government Electronic Payment Security Standards.

A.B. 2873          
Status: Failed            
Requires completion of a computer science class as part of the high school graduation requirements, provides that each public school enrolling students in grades nine through 12 shall offer a course in computer science, including instruction in computational thinking, computer programming, appropriate use of the Internet, development of Internet web pages, data security and the prevention of data breaches, ethical matters in computer science and the global impact of advancements in computer science.

A.B. 3464          
Status: Pending             
Requires Economic Development Authority to establish program offering low-interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure.

A.B. 4936
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

AJR 118        
Status: Pending             
Urges Secretary of state to assure Legislature and public that state's electoral system is protected from foreign computer hackers.

S.B. 808             
Status: Pending             
Creates the New Jersey Cybersecurity Advisory Board, relates to cybersecurity information sharing and preparedness.

S.B. 1028           
Status: Pending             
Clarifies crime of unlawful access concerning certain password protected communications in electronic storage.

S.B. 1403           
Status: Pending             
Requires the Secretary of state to establish a secure Internet website for online voter registration, authorizes use of digitized signatures from New Jersey Motor Vehicle Commission's database.

S.B. 2485           
Status: Pending             
Requires completion of a computer science class as part of the high school graduation requirements.

S.B. 2834           
Status: Enacted, Chap. 2017 - 133.       
Concerns the Water Quality Accountability Act, imposes certain testing, reporting, management, and infrastructure investment requirements on water purveyors. Requires water purveyors to develop a cybersecurity program that defines and implements organization accountabilities and responsibilities for cyber risk management activities, and establishes policies, plans, processes, and procedures for identifying and mitigating cyber risk to its public water system. As part of the program, a water purveyor shall conduct risk assessments and implement appropriate controls to mitigate identified risks to the public water system, maintain situational awareness of cyber threats and vulnerabilities to the public water system, and create and exercise incident response and recovery plans.

SJR  78          
Status: Pending             
Urges Secretary of state to assure Legislature and public that state's electoral system is protected from foreign computer hackers.

New Mexico

S.B. 380                              
Status: Enacted, Chap. 93
Relates to military affairs, authorizes activation of the National Guard in the case of cybersecurity threats, places limits on the authority exercised pursuant to such activations, prohibits the incurrence of debt for such activations.

New York

A.B. 2765          
Status: Pending             
Amends the Penal Law, relates to creating the crime of cyber terrorism and calculating damages caused by computer tampering, provides that cyber terrorism shall be a class B felony.

A.B. 3004                         
Status: Enacted, Line Item Vetoed, Chap. 54
Makes appropriations for the support of government, amends a chapter of the laws of 2017 enacting the aid to localities budget and amends a chapter of the laws of 2017 enacting the state operations budget, in relation to the support of government.

A.B. 3311          
Status: Pending             
Relates to cyber terrorism in the first and second degree.

A.B. 3448          
Status: Pending             
Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative.

A.B. 3451          
Status: Pending             
Requires a comprehensive review of all cyber security services to be performed every five years.

A.B. 4422          
Status: Pending             
Amends the Banking Law, requires lending institutions to supply customers with PINs to be used in conjunction with any chip-embedded credit card.

A.B. 5232          
Status: Failed 
Amends the General Business Law, relates to the protection of personal information by businesses.

A.B. 5496          
Status: Pending             
Relates to cyber crimes and identity theft, increases penalties for certain acts involving use of personal information, fraud, tampering, theft and use of a computer to commit crimes.

A.B. 7480          
Status: Pending             
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes.

A.B. 7781 
Status: Pending
Amends the Tax Law; relates to a business tax credit for purchase of data breach insurance.

A.B. 7916
Status: Pending
Establishes the ethical standards for state agency contractors act. Provides that contractors shall be responsible for the security of any system relating to nonpublic information whether such system is maintained electronically or otherwise.

A.B. 7997
Status: Pending
Amends the General Business Law; relates to the protection of personal information by businesses.

A.B. 8501
Status: Pending
Directs the Commissioner of the Division of Homeland Security and Emergency Services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York State.

A.B. 8674
Status: Pending
Amends the Tax Law; relates to offering a tax credit to employers who pay for their employees to acquire an associate of applied science in computer security from a SUNY or CUNY school. 

S.B. 924             
Status: Pending             
Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative.

S.B. 926             
Status: Pending             
Requires a comprehensive review of all cyber security services to be performed every five years.

S.B. 953             
Status: Pending             
Relates to cyber terrorism in the first and second degree.

S.B. 1563           
Status: Pending             
Relates to offenses involving theft of identity and computer tampering.

S.B. 2004           
Status: Pending             
Makes appropriations for the support of government, relates to the Capital Projects Budget.

S.B. 2406           
Status: Pending             
Relates to cyber crimes and identity theft, increases penalties for certain acts involving use of personal information, fraud, tampering, theft and use of a computer to commit crimes.

S.B. 3654           
Status: Pending             
Relates to offenses involving thefts of identity.

S.B. 4615           
Status: Pending             
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.

S.B. 5492                            
Status: Enacted, Chap. 24
Enacts into law major components of legislation which are necessary to implement the state fiscal plan for the 2017-2018 state fiscal year.

S.B. 5946
Status: Pending
Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York state.

North Carolina

S.B. 394
Status: Pending
Establishes the Legislative Cybersecurity Committee.

North Dakota

H.B. 1075          
Status: Failed   
Provides an appropriation for defraying the expenses of the various divisions under the supervision of the director of the office of management and budget, provides for various transfers, relates to oil and gas allocations, provides an exemption, provides a statement of legislative intent, declares an emergency.

H.B. 1104                         
Status: Enacted, Chap. 241
Relates to the governor's authority to call out the national guard, includes cyber attacks.

H.B. 1106                           
Status: Enacted, Chap. 243
Relates to disasters and emergencies, relates to critical industry sectors that provide essential lifeline services, relates to disasters including cyber attacks.

H.B. 1108                         
Status: Enacted, Chap. 309
Relates to the availability of records involving security and cyber attacks, provides that unless made confidential, records received by the state department of emergency services from the federal government and any public or private agency or entity for disaster mitigation, preparation, response, and recovery, or for cyber threat are exempt from certain provisions.

Ohio

S.B. 220
Status: Pending
Enacts certain provisions of the Revised Code relating to safe harbor; provides a legal safe harbor to covered entities that implement a specified cybersecurity program.

Oregon

H.B. 3221
Status: Failed - Adjourned.
Requires the state Chief Information Officer to develop, in collaboration with state agencies and Secretary of state, state Treasurer and Attorney General, curriculum and materials for training state employees in information security; specifies criteria for curriculum and materials; requires state agencies and Secretary of state, state Treasurer and Attorney General to implement information security training for state employees annually or as conditions otherwise warrant.

S.B. 90
Status: Enacted, Chap. 513
Transfers information technology security functions of certain state agencies in executive branch to state Chief Information Officer, establishes Oregon Cybersecurity Center of Excellence in office of state Chief Information Officer, establishes Oregon Cybersecurity Fund, continuously appropriates moneys in fund to office of state Chief Information Officer for operation of Oregon Cybersecurity Center of Excellence and for certain initiatives.

S.B. 120
Status: Failed - Adjourned.
Subjects the office of Secretary of state and office of state Treasurer to authority of state Chief Information Officer concerning information systems security matters.

SCR 12
Status: Failed - Adjourned.      
Declares policy of state of Oregon concerning cybersecurity risks and need for proactive cybersecurity risk management.

Pennsylvania

H.B. 32               
Status: Pending             
Amends the act of April 9, 1929 (P.L.177, No.175), known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, provides for Cybersecurity Innovation and Excellence Commission.

H.B. 1704
Status: Pending
Amends Title 71 of the Pennsylvania Consolidated Statutes, providing for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures; provides for the Legislative Cybersecurity Oversight Committee; imposes penalties.

H.R. 565
Status: Adopted
Recognizes the month of October 2017 as "Cybersecurity Awareness Month."

S.B. 308             
Status: Pending             
Amends the Breach of Personal Information Notification Act, provides for title of act, for definitions and for notification of breach, prohibits employees of the state from using non secured Internet connections, provides for a policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996.

S.B. 427             
Status: Pending             
Amends Vehicles of the Pennsylvania Consolidated Statutes, in operation of vehicles, provides for highly automated vehicles and platooning testing. Addresses cybersecurity intrusions.

S.B. 914
Status: Pending
Amends Title 71 of the Pennsylvania Consolidated Statutes; provides for information technology; establishes the Office of Information Technology and the Information Technology Fund; provides for administrative and procurement procedures and for the Legislative Cybersecurity Oversight Committee; imposes penalties.

Rhode Island

H.B. 5543          
Status: Pending             
Prohibits unauthorized access to confidential information from a computer, computer program, computer system, or computer network with the intent to either view, obtain, copy, or download any confidential information, establishes that violations would be a felony.

H.B. 5954          
Status: Pending             
Would require all state, municipal and quasi-public departments to protect information contained in their computer systems by complying with the criteria set forth in a publication (800-171) put out by the US Department of Commerce's National Institute of Standards and Technology (NIST). It gives the departments 18 months after passage of the act to comply. Also in furtherance of this end, the act would exempt all discussion and activity from the open meetings law. This act would take effect upon passage.

South Carolina

H.B. 3427          
Status: Pending    
Enacts the Computer Science Education Initiative, provides that public high schools and charter high schools shall offer certain computer science coursework, requires the state Board of Education to adopt and ensure implementation of grade-appropriate standards for computer science and computational thinking for public school students in kindergarten through twelfth grade, Provides for the office of the governor to establish criteria and processes for science, technology, engineering and math regions.

H.B. 3720          
Status: Enacted, Act No. 97.     
Makes appropriations and to provide revenues to meet the ordinary expenses of state government for the fiscal year beginning July 1, 2017, regulates the expenditure of such funds, furthers provide for the operation of state government during this fiscal year and for other purposes.

Texas

H.B. 342a (First special session)
Status: Failed-Adjourned
Relates to cybersecurity for elections.

H.B. 8 
Status: Enacted, Chap. 683.
Relates to cybersecurity for state agency information resources, requires the commission and its staff to consider specified criteria in determining whether a public need exists for the continuation or the functions of a state agency or its advisory committees.

H.B. 9 
Status: Enacted, Chap. 684.
Relates to cybercrime, creates criminal offenses, defines terms.

H.B. 138
Status: Failed - Adjourned.
Creates the Fiscal Risk Management Commission to study, among other issues, the effect of power outages caused by acts of cyberterrorism. 

H.B. 787            
Status: Failed - Adjourned.          
Relates to the security of the electric grid.

H.B. 788            
Status: Failed - Adjourned.           
Relates to enhancing the security of the electric grid, makes an appropriation.

H.B. 1048          
Status: Failed - Adjourned.           
Relates to the acknowledgment by management of risks identified in state agency information security plans.

H.B. 1604          
Status: Failed - Adjourned.   
Relates to an acknowledgement of vulnerabilities and risks in a state agency's information security plan.

H.B. 1605          
Status: Failed - Adjourned.
Relates to the powers and duties of the Department of Information Resources regarding cybersecurity.

H.B. 1861          
Status: Enacted, Chap. 1042.    
Relates to the confidentiality of certain information related to a computer security incident.

H.B. 2192          
Status: Failed - Adjourned.        
Relates to comprehensive information security assessments on state agency information resources and network systems and digital data storage and security.

H.B. 3593          
Status: Enacted, Chap 1088.          
Relates to instruction in career and technology education provided by public schools, including instruction in technology applications, cybersecurity, and computer coding, and to consideration of completed practicums and internships in school accountability ratings. Provides that a district may offer a course in cybersecruity that is approved by the board of trustees for credit without obtaini9ng State Board of Education approval if the district partners with a public or private institution of higher education.

H.B. 4141          
Status: Failed - Adjourned.   
Relates to commercial insurance rates and forms.

SCR 1a (First special session)
Status: Failed - Adjourned.   
Requests a joint interim committee to study the security of the state electric grid, including cybersecurity threats.

S.B. 99a (First special session)
Status: Failed-Adjourned
Relates to cybersecurity for elections.

S.B. 56
Status: Failed - Adjourned.      
Relates to the acknowledgment by management of risks identified in state agency information security plans.

S.B. 83
Status: Failed - Adjourned. 
Relates to protection of energy critical infrastructure from electromagnetic, geomagnetic, terrorist, and cyber-attack threats.

S.B. 532
Status: Enacted, Chap. 555
Relates to reports on and purchase of information technology by state agencies; provides definitions; relates to information security; requires an inventory of the agencies servers, mainframes and other information technology equipment; provides for identification of vendors that operate and manage the information technology infrastructure.

S.B. 564             
Status: Enacted, Chap. 560
Relates to the applicability of open meetings requirements to certain meetings of a governing body relating to information technology security practices.

S.B. 1020           
Status: Failed - Adjourned.             
Relates to cybercrime, creates criminal offenses.

S.B. 1470           
Status: Failed - Adjourned.    
Relates to the Powers and duties of the Department of Information Resources regarding cybersecurity.

S.B. 1477           
Status: Failed - Adjourned.            
Relates to ransomware, creates a criminal offense.

S.B. 1910
Status: Enacted, Chap. 955.
Relates to state agency information security plans, information technology employees, and online and mobile applications.

SCR 55
Status: Failed - Adjourned.
Requests the lieutenant governor and the speaker of the house of representatives to create a joint interim committee to study the security of the state electric grid, including cyberthreats.

Utah

H.B. 80               
Status: Enacted, Chap. 238
Amends provisions related to state technology governance, eliminates divisions within the Department of Technology Services, assigns duties formerly assigned to divisions within the Department of Technology Services to the Department and the chief information officer within the Department, directs the chief information officer to appoint a chief information security officer.

H.B. 319            
Status: Enacted, Chap. 258       
Amends provisions related to executive branch agency information security technology, requires the Department of Technology Services to assess each executive branch agency's information security technology, requires the Department of Technology Services to develop recommendations to address the results of the assessment and make recommendations to the Legislature.

S.B. 118             
Status: Enacted, Chap. 462
Amends criminal provisions relating to cybercrime and making a false report, modifies the elements, penalties, and defenses for computer crime, makes it a crime to interrupt or interfere with critical infrastructure, amends and enacts reporting requirements relating to computer crime or the interruption of, or interference with, critical infrastructure, amends provisions relating to raising a false alarm or filing a false report, amends the elements of electronic communication harassment.

Virginia

H.B. 30                              
Status: Enacted, Chap. 780
Provides for appropriations of the budget submitted by the governor of Virginia in accordance with the provisions of Section 2.2-1509, Code of Virginia, provides a portion of revenues for the two years that end respectively on the thirtieth day of June, 2017, and the thirtieth day of June, 2018.

H.B. 509            
Status: Failed
Relates to security of government information, relates to creation of the position of Chief Information Security Officer, creates the position of the Chief Information Security Officer of the Commonwealth (CISO), provides the full-time, classified position is appointed by the governor and reports to the Chief Information Officer of the Commonwealth, the CISO is responsible for the security of government information and applications in the Commonwealth.

H.B. 799          
Status: Failed
Relates to income tax subtractions and credits for investments in technology businesses, modifies the qualified equity and subordinated debt investments tax credit by increasing the maximum amount of credits that can be issued each year, allocating the annual increase in credits to cybersecurity businesses, and allowing credit for investments in technology businesses with no more than a specified number of full-time employees.

H.B. 817                           
Status: Enacted, Chap. 620
Relates to the Commonwealth Freedom of Information Act, relates to record exclusions, relates to the rule of redaction, provides provisions for public records that contain both excluded and nonexcluded information and the duty redact those records, provides only portions of a record subject to exclusion may be withheld and all portions thereof not excluded shall be disclosed.

H.B. 834                             
Status: Enacted, Chap. 779
Relates to Commonwealth Growth and Opportunity Act, relates to report, establishes the Commonwealth Growth and Opportunity Board to administer grants from the Commonwealth Growth and Opportunity Fund for regional economic and workforce development projects, provides that regional councils will be established across the Commonwealth, consisting of representatives of government and the business and education communities, and councils may submit applications for collaborative projects in their region.

H.B. 922            
Status: Failed - Adjourned
Relates to computer trespass, relates to government computers and computers used for public utilities, increases the Class 1 misdemeanor computer trespass crimes if the computer targeted is one that is exclusively for the use of, or used by or for, the Commonwealth of Virginia, a local government within the Commonwealth, or certain public utilities.

H.B. 929            
Status: Failed
Relates to promotion of cybersecurity in the Commonwealth, initiates several efforts to promote economic development, research and development, and workforce development of the cybersecurity industry in the Commonwealth, creates two new matching grant funds, adds one administered by the Innovation and Entrepreneurship Investment Authority for private entities that collaborate with one or more public institutions of higher education on research and development related to cybersecurity.

H.B. 1013          
Status: Enacted, Chap. 554
Relates to threat assessment teams of local school boards, excludes from the Commonwealth Freedom of Information Act any records received by the Department of Criminal Justice Services pursuant to the operation of or for the purposes of evaluating threat assessment teams and oversight committees, school safety audits, school crisis, emergency management, and medical emergency response plans of public schools and threat assessment teams of public institutions of higher education.

H.B. 1138          
Status: Failed - Adjourned
Relates to the Racketeer Influenced and Corrupt Organization Act, relates to computer crimes, relates to penalties, adds crimes contained in the Virginia Computer Crimes Act as qualifying offenses under the Virginia Racketeering Influenced and Corrupt Organization Act, provides that such crimes include computer fraud, computer trespass, transmission of spam, and theft of computer services.

H.B. 1343          
Status: Enacted, Chap. 775
Relates to research and development, creates the Research Investment Fund to promote research, development, and commercialization efforts with a high potential for economic development, relates to higher education, job creation, and cooperation and collaboration among higher education research institutions and with the private sector, in areas and with activities that foster economic development, provides for funding criteria, procedures, and administration.

H.B. 1539          
Status: Enacted, Chap. 778
Relates to Virginia Freedom of Information Act (FOIA), relates to public access to records of public bodies, provides for personal contact information that is excluded from FOIA's mandatory disclosure provisions in certain cases, includes email addresses and telephone numbers, clarifies that a requester has the right to inspect records or receive copies at his option, provides exceptions for personnel records of public employee disputes.

H.B. 1806          
Status: Failed
Relates to income tax subtractions and credits for investments in technology businesses, modifies the qualified equity and subordinated debt investments tax credit by increasing the maximum amount of credits that can be issued each year from $5 million to $7.5 million, allocating the $2.5 million annual increase in credits to cybersecurity businesses, and allowing credit for investments in technology businesses with no more than 50 full-time employees.

H.B. 1815          
Status: Enacted, Chap. 562
Relates to computer trespass, government computers and computers used for public utilities, increases Class 1 misdemeanor computer trespass crimes to a Class 6 felony if the computer targeted is one that is exclusively for the use of, or used by or for, the Commonwealth, a local government within the Commonwealth, or certain public utilities, includes telephones, wireless, oil, electric, gas, sewer, wastewater, or water service to the public.

H.B. 2288          
Status: Failed
Relates to computer trespass, relates to computer invasion of privacy, relates to penalty, relates to civil relief, makes it a Class 5 felony for a person to maliciously install or cause to be installed a computer program that takes control of or restricts access to another computer or computer network, or data therein, and demand money or anything else of value to remove the computer program, provides that restore control of or access to the computer or computer network, or data therein.

H.B. 2360                           
Status: Enacted, Chap. 664
Relates to the Virginia Information Technologies Agency, relates to procurement of information technology, relates to compliance with federal laws and regulations pertaining to information security and privacy, requires the Chief Information Officer of the Virginia Information Technologies Agency to develop policies, standards, and guidelines to control unauthorized uses.

HJR  692        
Status: Failed 
Relates to study, relates to Joint Legislative Audit and Review Commission, relates to Commonwealth's cybersecurity standards, relates to report, directs the Joint Legislative Audit and Review Commission to evaluate the Commonwealth's current policies, procedures, and standards for assessing cybersecurity risks and protecting the electronic information of all branches of state government from unauthorized uses, intrusions, and other security threats.

S.B. 494                              
Status: Enacted, Chap. 716
Relates to Freedom of Information Act, relates to record exclusions, relates to rule of redaction, relates to no weight accorded to public body's determination, reverses the holding of the Commonwealth's Supreme Court in a related court case, provides that, by setting out the general rule of redaction, which provides that no provision of Freedom of Information Act is intended, nor shall it be construed or applied, authorizes a public body to withhold a public record.

S.B. 645             
Status: Enacted, Chap. 717
Relates to Freedom of Information Act (FOIA), exempts records concerning critical infrastructure information, provides that any public body receiving a request for records excluded under existing law shall notify the Secretary of Public Safety and Homeland Security or his or her designee of such request and the response made by the public body in accordance with existing law, defines critical infrastructure information.

S.B. 747             
Status: Failed
Relates to promotion of cybersecurity in the Commonwealth, initiates several efforts to promote economic development, research and development, and workforce development of the cybersecurity industry in the Commonwealth, creates two new matching grant funds.

S.B. 900             
Status: Failed
Relates to Budget Bill, amends Chapter 780, 2016 Acts of Assembly.

S.B. 1090           
Status: Failed
Relates to computer trespass, relates to computer invasion of privacy, relates to penalty, relates to civil relief, makes it a Class 5 felony for a person to maliciously install or cause to be installed a computer program that takes control of or restricts access to another computer or computer network, or data therein, and demand money or anything else of value to remove the computer program, provides that restore control of or access to the computer or computer network, or data therein.

S.B. 1138           
Status: Failed
Relates to computer trespass, relates to government computers and computers used for public utilities, relates to penalty, increases the Class 1 misdemeanor computer trespass crimes to a Class 6 felony if the computer targeted is one that is exclusively for the use of, or used by or for, the Commonwealth, a local government within the Commonwealth, or certain public utilities.

S.B. 1156           
Status: Failed
Relates to Virginia Public Building Authority, relates to Military Mission Improvement and Expansion projects, authorizes the Virginia Public Building Authority to finance or assist in the financing of certain activities connected with Military Mission Improvement and Expansion projects (MMIE projects), defined by the bill as a project or projects recommended by the Commission on Military Installations and Defense Activities.

Vermont

H.B. 474            
Status: Pending             
Relates to cybercrime.

E.O. 18
Relates to the Governor's Cybersecurity Advisory Team; protects the State's computer networks; investigates criminal attacks on State computer networks and critical infrastructure system. 

Washington

H.B. 1417
Status: Enacted, Chap. 137
Concerns the harmonization of the open public meetings act with the public records act in relation to information technology security matters.

H.B. 1418          
Status: Pending - Carryover
Establishes a blue ribbon panel on cybersecurity.

H.B. 1419          
Status: Pending - Carryover           
Grants the governor authority to proclaim a state of emergency in the event of a substantial cybersecurity incident.

H.B. 1421          
Status: Pending - Carryover             
Concerns the removal of payment credentials and other sensitive data from state data networks.

H.B. 1479          
Status: Pending - Carryover       
Concerns encryption of data on state information technology systems.

H.B. 1697
Status: Pending   - Carryover           
Addresses the cybersecurity and information technology professional shortage by requiring a study of incentive methods for attracting high-demand talent in information technology and cybersecurity to state agencies.

H.B. 1829          
Status: Enacted, Chap. 149
Concerns the exemption from public disclosure of information regarding public and private computer and telecommunications networks.

H.B. 1830          
Status: Pending - Carryover         
Creates the cybersecurity conditional loan program.

H.B. 1929          
Status: Pending - Carryover               
Concerns independent security testing of state agencies' information technology systems and infrastructure by the military department.

H.B. 2086          
Status: Pending - Carryover            
Establishes a task force to address state interagency coordination in cybersecurity.

H.B. 2172          
Status: Pending - Carryover       
Concerns independent security testing of state agencies' information technology systems and infrastructure by the military department.

S.B. 5048           
Status: Pending  - Carryover      
Makes fiscal biennium operating appropriations, provides for the appropriation and authorization to be incurred for salaries, wages, and other expenses of the agencies and offices of the state and for other specified purposes for the fiscal biennium.

S.B. 5455           
Status: Pending - Carryover          
Concerns statewide cybersecurity performance.

Wyoming

D 12    
Status: Failed - Adjourned
Relates to education, amends requirements of state data security plan to ensure privacy of student data collected, requires policies for the collection, access, privacy, security and use of student data by school districts, requires school districts to adopt and enforce policies for the collection, access, privacy and use of student data, provides for an effective date.

D 56    
Status: Failed - Adjourned
Relates to against computer property, creates the criminal offense of computer extortion, specifies elements of the offense, provides penalties, expands the list of computer crimes to be investigated by the division of criminal investigation, provides for an effective date.

S.B. 33
Status: Enacted, Chap. 22
Relates to offenses against computer property, creates the criminal offense of computer extortion, specifies elements of the offense, provides penalties, expands the list of computer crimes to be investigated by the division of criminal investigation.

Puerto Rico

H.R. 257
Status: Pending             
Orders the House Committees on Finance and Public Security to investigate the information systems of the Department of the Treasury, its maintenance and the reasons for a cyber virus that caused on Monday, January 6 of 2017 the Department of the Treasury to raise about $20 million, determines if the information from taxpayers and the government hosted on the servers of the Department of the Treasury was affected as a result of this cyber virus.

H.R. 353
Status: Adopted.
Orders the House Committee on Public Safety to research the field of computer security in Puerto Rico and how new technologies can help the government safeguard the confidential information handling, security and integrity of the components of the information system.

H.R. 475
Status: Pending
Orders the House Committee on Public Safety to research the practices and policies of cyber security and of the executive departments and agencies of the government, with urgency in the Department of Treasurey, the State Department and the Department of Public Safety. 

S.R. 155
Status: Adopted
Orders the Senate Committee on Public Safety to research the existing safety measures in the information systems of the Government in order to identify the current security measures in place to prevent being attacked by a hacker or affected by any computer virus in the agencies and public corporations that expose vital information of the citizens and the government.

S.R. 158
Status: Pending             
Orders the Senate Committee on Finance of the Senate to study cyber attacks on the electronic systems of the Department of the Treasury and the Municipal Revenues Collection Center, studies the effect of this incident in the fulfilment of the functions of these agencies regarding any information, either from the Government or its taxpayers, that was affected, studies preventive measures to be established to avoid that this continues happening.

StateNet logoLexis Nexis Terms and Conditions

Additional Resources