Task Force on Cybersecurity and Privacy Work Group

Dec. 5, 2022, San Diego (Prior to NCSL Forecast '23 Meeting) | Agenda

Session Resources:

• Governance Issues in Artificial Intelligence
  
  • AI in State Government (slides), NASCIO, Doug Robinson
• Cyber Center of Excellence 
  • Cybersecurity in the San Diego Region (slides), CCOE, Pat Sullivan
• California Age-Appropriate Design Code Act
  • California AB 2273 (slides), NetChoice, Carl Szabo
• NASCIO Update
  • States at Risk: State Cybersecurity in a Heightened Risk Environment (slides), NASCIO, Doug Robinson

July 31, 2022, Denver (Invitational Prior to NCSL's Legislative Summit) | Agenda

Session Resources:

• Cybersecurity Workforce Solutions
  • Cybersecurity Workforce Solutions (slides), Louisiana, Monique Appeaning
  • La. Rev. Stat. 17:3138.9. Louisiana Cybersecurity Talent Initiative Fund; Cybersecurity Education Management Council
• State Privacy Laws: Keeping Security at the Forefront
  • The Relationship Between Data Privacy and Cybersecurity (slides), Jim Dempsey (bio)
  • Cybersecurity Law Fundamentals, Jim Dempsey, 2021
• Bridging the Gap Between Technology and Privacy Policymaking
  • IEEE Digital Privacy Initiative (slides), Kent Lambert (bio)
  • Privacy by Design: The Seven Foundational Principles, Ann Cavoukian, Ph.D.; Rep. Elkins (bio)
• Federal Cybersecurity Grant Update
  • State and Local Cybersecurity Grant Program (slides), Bess Mitchell, CISA
• Trends in State Privacy Laws
• Trends in State Privacy Laws (slides), David Stauss (bio), Husch Blackwell
• Dark Patterns
  • Dark Patterns: A Progress Report (slides), Will Rinehart (bio), The CGO
  • Bringing Dark Patterns to Light: An FTC Workshop, April 29, 2021
  • Public Comment, “Bringing Dark Patterns to Light,” FTC Workshop, The CGO, May 28, 2021
• Connecticut Privacy Law
  • 2022 S.B. 6, Public Act 22-15 (Personal Data Privacy and Online Monitoring)
  • Gov. Lamont Signs Legislation Enacting a Comprehensive Consumer Data Privacy Law
• Ethical and Responsible Data Stewardship
  • Ethical Data Stewardship (slides), Sarah Alt (bio), Michael Best & Friedrich LLP

NCSL Resources

• State Laws Related to Digital Privacy
• 2022 Consumer Data Privacy Legislation
• 2022 Cybersecurity Legislation
• Data Security Laws - Government
• Data Security Laws - Private Sector

May 19-20, 2022, Seattle | Agenda

Session Resources:

• Al, Algorithms and Trust
  • Washington Automated Decision-Making Workgroup, Final Report
  • Katy Ruckle's presentation
  • BSA Framework to Promote Trust in Artificial Intelligence
  • Christian Troncoso's presentation
• Privacy and Data Sharing Agreements
  • Washington S.B. 5432, concerning cybersecurity and data sharing in Washington state government.
  • Katy Ruckle's presentation
• State Cybersecurity Centers and State-Local Collaboration
  • Sen. Scott DeLano's presentation
  • Sean McSpaden's presentation
• Cybersecurity Grant Program Update
  • State Associations Feedback to CISA on Cyber Grant Program
• Safe Harbor for Cybersecurity Best Practices
  • Utah Cybersecurity Affirmative Defense Act, 2021 H.B. 80
• Spotlight on Utah Consumer Privacy Act
  • Utah Consumer Privacy Act (2022 S.B. 227)
• The Internet of Things and the Internet of Bodies
  • Assembly Member Jacqui Irwin's presentation: California's Internet of Things Security Requirement
  • California IoT security law, enacted in 2018, and AB 2392, from 2022
  • NIST White Paper: Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products and general standards for federal procurement
  • The Internet of Bodies: Opportunities, Risks and Governance, RAND

Virtual Task Force Meeting, March 25, 2022 | 1-3 p.m. ET | Agenda

(Open to task force members and sponsors only.)

No session resources/handouts available.

Virtual Task Force Meeting, June 18, 2021 | 1-3 pm ET | Agenda

Session Resources:

• CISA Services Catalog | CISA (connect with field personnel and request CISA’s services)
• Digital Crimes Unit: Ransomware (Kemba Walden's presentation)
• A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force, Institute for Security + Technology, April 2021
• Managing Cyber Threats through Effective Governance, CIS, CTG, NGA and NCSL
• Laws Addressing Ransomware and Computer Extortion, NCSL
• Speaker Biographies

Dec. 3, 2020 | Cybersecurity Task Force Virtual Meeting | 1-4 p.m. ET | Agenda

(Open to Task Force members and sponsors only)

Handouts:

• Speaker biographies
• 2020 Deloitte-NASCIO Cybersecurity Study – States at Risk: The Cybersecurity Imperative in Uncertain Times
• Meredith Ward's (NASCIO) presentation
• North Carolina Statewide Information Security Threat Management & Incident Response Program
• North Carolina 2019-200 H.B. 217

Sept. 22-25, 2020 | Privacy Week

Privacy Week examined policy issues including consumer data policy, government data usage, and the intersections between data privacy and cybersecurity. Links to blogs, podcasts, and virtual meetings are available on the Privacy Week web page.

June 25 and 26, 2020 | Cybersecurity Task Force Virtual Meeting—Virtual Cyber Range Experience

This virtual event, held with the IBM X-Force Command Center, allowed attendees to participate in a simulation of how a breach unfolds in real time. It showcased the attack vectors that healthcare, life sciences, education, and government organizations experience every day. The event covered security best practices and tactics, the importance of implementing a security strategy and the leadership skills required to deal with a major security issue.

Resources:

• IBM Security Learning Academy
  Hundreds of no cost training tutorials and hands on labs
• IBM's no cost X-Force Exchange Threat Intelligence
  A threat intelligence sharing platform that you can use to research security threats, to aggregate intelligence, and to collaborate with peers.
• The Cyber Range Experience (by task force member, Terri Clark, Kansas) July 2020

May 28, 2020 | Cybersecurity Task Force Virtual Meeting—Ransomware Resistance | Agenda

Presentations

• Representative Giovanni Capriglione's (Texas) presentation
• Yejin Jang and Jonathan Jesse's (Forescout) presentation

Other Resources

• NCSL Computer Crime Statutes - Ransomware and Computer Extortion

April 28, 2020 | Cybersecurity Task Force Virtual Meeting | Agenda

Presentations

• Federal and State Updates, NCSL
• Doug Robinson's presentation: State IT Update: COVID-19 Response and Recovery
• Bradford Wilke (speaker) biography
• NCSL Joint Letter urging the inclusion of direct funding to states, territories and localities specifically for addressing cybersecurity and IT infrastructure needs due to the global impact of the novel coronavirus (COVID-19).

Dec. 9, 2019 | JW Marriott Phoenix Desert Ridge, Phoenix, Ariz. (Prior to the NCSL Capitol Forum) | Agenda

Presentations

• Michael Willis' presentation: Key Takeaways from the 2018 Ransomware Attack on the Colorado Department of Transportation
• MauriceTurner's presentation: Election Security: How Information (and Misinformation) Play a Role,
• Daniel Salvo's presentation: Foreign Efforts to Undermine American Democracy - Implications beyond Washington

Session Resources

• CISA's Cyber Essentials
• NCSL: Election Security: What Legislators (and Others) Need to Know
• NCSL LegisBrief: State and Federal Efforts to Enhance Cybersecurity

Aug. 4, 2019 | NCSL Legislative Summit, Nashville, Tenn. | Agenda

May 22, 2019 | Archived Recording: NCSL Webinar: Cybersecurity Inside Legislatures

Jan. 18, 2018 | NCSL Executive Committee Meeting, New Orleans | Agenda

Session Resources:

• Cyber Liability Insurance
  NAMIC PowerPoint | PDF
  NAMIC Understanding Evolving Cybersecurity Standards Landscape for Insurers
• Louisiana's IT Consolidation
  NASCIO PowerPoint | PDF

July 30, 2018 | NCSL Legislative Summit, Los Angeles | Agenda | Printable Agenda

May 11, 2018 | NCSL Executive Committee Meeting, Denver | Final Agenda

Session Materials:

• Budgeting for Cybersecurity
  • Budgeting for Cybersecurity Guide
• Case Study: Oklahoma IT Unification
  • IT Modernization in State Government Drivers, Challenges and Successes
• Case Study: Colorado Cybersecurity Funding--Strategy First
  • Information Security Assessment
• Colorado's National Cybersecurity Center
  • Cybersecurity...Hope for the Future
• Employee Training and Security Awareness
  • COMPTIA – Recognizing Security Risks Associated with Human Error and Safeguarding your Business
  • COMPTIA – Building Smarter Cities and Communities
  • The Changing Face of IT Security in the Government Sector
  • Cyber Security Attack Methods-Terms
  • IBM X-Force Threat Intelligence Index 2017: The Year of the Mega Breach
  • 2017 Cost of Data Breach Study
  • Employee Training & Security Awareness
  • Security Essentials
• State and Federal Legislative Update
  • Federal Update
  • State Update

Dec. 12, 2017 | NCSL Capitol Forum, Coronado, Calif. | Final Agenda

Session Materials

• The Intersection of Cybersecurity and Autonomous Vehicles
  • Presentation: Automated Driving Systems: A Vision for Safety, NHTSA
  • NHTSA Autonomous Vehicle Cybersecurity Guidance
• A New World: Blockchain
  • Presentation by Richard Morris, Department of Financial and Professional Regulation, Illinois
  • NCSL: Blockchain Technology: An Emerging Public Policy Issue, LegisBrief, Nov. 2017
• Defending Democracy Against Cybersecurity Attacks
  • NCSL Blog Post

Aug. 6-9, 2017 | NCSL Legislative Summit, Boston | Agenda

July 14, 2017 | Webinar: Cybertechnology and the Law

New technologies are outpacing the laws that govern their use. In this archived webinar, hear how cybersecurity, cybercrime and other technology issues can be addressed with legislation that will stand the test of time.

April 21, 2017 | Task Force meeting in conjunction with the NCSL Spring Executive Committee Meeting, Santa Fe | Agenda

Presentations

• Cybersecurity Federal Update
• New Mexico Tech Cybersecurity Workforce Development
• Oregon Legislative Fiscal Office (LFO)
• Security Budget Development
• Shadow IT
• State Cybersecurity Legislation
• Unsuccessful Cyber Attack-Georgia

Jan. 27, 2017 | Joint Webinar With NGA’s Policy Academy on Enhancing State Cybersecurity: “Engaging State Lawmakers”

This webinar featured our task force co-chairs and discussed bridging the communication gap between the executive and legislative branches.

• NGA-NCSL Joint Webinar Staff Notes

Dec. 5-6, 2016 | NCSL Capitol Forum | Cybersecurity Task Force Pre-Conference Agenda

Presentations

• Cybersecurity and the Role of Mobile Financial Transactions
• Digital Identities to Enable State Programs
• Security Readiness Assessment (Oracle)

Oct. 21, 2016 | NCSL/NASCIO Webinar on the State of the States Chief Information Security Officer Biennial Survey

This webinar explored collaboration efforts between executive agency CISOs and Legislators.

• PowerPoint Presentation

Aug. 7, 2016 | Chicago in Conjunction With the NCSL Legislative Summit.

• Agenda
• Speaker Biographies
• Meeting Summary

Presentations

• CompTIA Security Overview
• Department of Homeland Security Cyber Resilience Review
• Department of Homeland Security: Managing Cyber Risk
• Federal Cybersecurity Workforce Strategy
• Minnesota Cybersecurity at a Glance
• Minnesota Risk Management Foundation: Cyber Security at a Glance
• Minnesota Risk Management Foundation
• Multi-State Information Sharing & Analysis Center
• National Centers of Academic Excellence in Cyber Defense (NICE)
• National Initiative for Cybersecurity Education (NICE)
• Naval Academy Center for Cyber Security Studies
• Two Tools for Cybersecurity: Risk Assessment and Data Analytics

June 22, 2016 | Conference Call With Department of Homeland Security on Cybersecurity Information Sharing Act of 2015

• Presentation

May 20-21, 2016 | Executive Committee Task Force on Cybersecurity, Minneapolis | Agenda

Presentations

• Cybersecurity Task Force Meeting Summary
• Speaker Biographies
• Cybersecurity Federal Update
• Cybersecurity: A National Asset and Homeland Security Priority
• Cybersecurity Survey of State Legislators & Staff
• Cyber Threats and Motivations
• State Government at Risk: Time to Move Forward
• State Cybersecurity Laws and Legislation

• April/May 2020
• February/March 2020
• December 2019/Jan. 2020
• August/September 2019
• June/July 2019
• March/April 2019
• January/February 2019
• November/December 2018
• October 2018
• September 2018
• August 2018
• July 2018
• June 2018
• May 2018
• April 2018
• March 2018
• February 2018
• January 2018
• November/December 2017
• September/October 2017

• Walmart
• Amazon
• American Institute of CPAs
• AT&T
• Consumer Data Industry Association (CDIA)
• CTIA - The Wireless Association
• Equifax
• Google
• NCTA - The Internet & Television Association 
• NEC
• Oracle
• RELX
• Okta

Please contact NCSL staff for information about sponsorship levels and benefits. 

• State Associations Feedback to CISA on Cyber Grant Program (December 2021)
• Managing Cyber Threats through Effective Governance (October 2020)
• Budgeting for Cybersecurity (January 2018)
• Cybersecurity Conversation Guide: Executive Branch, Legislative Branch and Higher Education (February 2017)
• Legislator Privacy Guide and Glossary of Privacy Terms (November 2021)

NCSL Resources

• Cybersecurity Legislation 2022 
• Data Security Laws - Government
• Data Security Laws - Private Sector
• Computer Crime Statutes
• The DOTGOV Online Trust in Government Act, Nov. 2019 (memo)
• The Case for IT Consolidation, April 2018 (article)
• Cyber Education and Training
• Identity Theft Statutes

External Resources

• Don't Get Duped! National Cybersecurity Center
• The National Institute of Standards and Technology’s (NIST) one-page flyer on data protection and cybersecurity to help protect against ransomware attacks. (April 29, 2020)
• Cybersecurity & Infrastructure Security Agency (CISA) (Aug. 9, 2019)
• How can US state governments help ensure a secure digital society?, Microsoft on the Issues blog, July 27, 2018
• From Policy to Practice: Strengthening Cybersecurity in State Governments, Microsoft white paper, July 27, 2018
• Cyber Tips for Elected Officials and Candidates (April 2017)
• Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity (April 2017)
• Healthy Living, Healthy Agency: A Healthy Cyber Lifestyle (February 2018)
• AT&T Security Budget Development (Oct. 31, 2017)
• The Tech Jobs Conundrum: Tools for Bridging the Confidence Gap (September 2017)
• Cybersmart Buildings: Securing Your Investments in Connectivity and Automation (February 2017)
• 2016 NASCIO Cybersecurity Study
• Congressional Cybersecurity Caucus
• MS-ISAC (Multi-State Information Sharing & Analysis Center)
• U.S. Department of Homeland Security, Cybersecurity Division
• Cyber Supply Chain Security and Potential Vulnerabilities within U.S. Government Networks, June 15, 2015

Federal Activities

• America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies, Senate Homeland Security and Governmental Affairs Committee, March 24, 2022
• Federal Bureau of Investigation’s Internet and Crime Complaint Center (IC3) 2021 report
• Selected Federal Agencies Need to Coordinate on Requirements and Assessments of States, U.S. GAO, May 27, 2020
• The DOTGOV Online Trust in Government Act, November 2019 (memo)
• Cybersecurity Legislation in 115th Congress (March 16, 2017)
• S. 516 State Cyber Resiliency Act Bill Summary (March 10, 2017)
• HR 1224 is a new bill on the NIST cybersecurity framework. (March 6, 2017)
• CISA Law: Section (C) Authorization for Sharing or Receiving Cyber Threat Indicators or Defensive Measures (March 6, 2017)
• Cybersecurity Legislation in the 115th Congress (March 15, 2017)

State Practice

• Virginia Ransomware Study Report, (January 2021)
• California A.B. 1906, Security of Connected Devices, Press Release (October 2018)
• Cyber Event - Sen. DiPalma to hold 1st Annual Cyber Hygiene Event with Congressman Langevin on Oct. 18 
• Ohio data center case study
• Washington Cybercrime Bill (Sept. 1, 2016)