Cybersecurity Legislation 2022

7/22/2022

digital numbers coming out of a safe

Overview

Overview

The risk of cyberattacks remains high for government and businesses in 2022, influenced by vulnerabilities caused by remote work, an increasing reliance on e-commerce, and more sophisticated bad actors. The war in Ukraine and economic sanctions against Russia also prompted serious concerns about an increased potential for malicious cyber activity.

Cyberattacks disrupted unemployment benefits in several states and ransomware attacks continue to shut down operations or impose huge costs on government, schools and colleges and businesses.  

State legislatures focusing on cybersecurity concerns in many ways in 2022, as detailed below.

2022 Introductions and Enactments

At least 40 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. Twenty-four states enacted at least 41 bills in 2022 so far, as indicated in boldface in the list below. The most common enactments in 2022 will:

  • Require government agencies to implement cybersecurity training; to set up and follow formal security policies, standards and practices; to have incident response plans in place; to provide mandatory training for employees; and to report security incidents, including ransomware attacks.
  • Provide funding for cybersecurity programs and practices in state agencies, local governments and schools. (Not all cybersecurity appropriations are listed here, although significant funding or funding for specific statewide mandates or state projects may be listed.)
  • Mandate security practices related to elections.
  • Establish or support programs or incentives for cybersecurity workforce training and education programs.

Other NCSL resources address related topics such as security breach laws and legislation, privacy and other issues.

2022 Legislation

Alaska
AK HB 3
Status: Enacted
Includes cybersecurity incidents in the definition of disaster.

Arizona
AZ HB 2145
Status: Failed
Relates to governmental entities, relates to ransomware payment, relates to prohibition.

AZ HB 2584
Status: Failed
Provides that the Arizona Department of Homeland Security shall secure through a competitive bidding process an enterprise license for use by agencies of the state for security software that will integrate security into the development process and scan software code in development, production and postproduction to detect and improve security threats through specified methods, makes an appropriation.

AZ HB 2690
Status: Failed
Relates to cybersecurity risk, relates to insurance.

AZ SB 1457
Status: Failed
Relates to voting, relates to equipment, relates to internet, relates to custody, relates to violation.

AZ SB 1465
Status: Failed
Relates to voting equipment, relates to requirements, relates to records, relates to origin.

AZ SB 1598
Status: Enacted
Relates to information technology, relates to security, relates to office, relates to State Department of Homeland Security, provides power and duties of the department, defines terms, relates to suspension of budget unit's information infrastructure.

AZ SB 1642
Status: Failed
Relates to election management systems, relates to security.

California
CA AB 154
Status: Pending
Makes appropriations for the support of state government for specified fiscal year.

CA AB 183
Status: Enacted
Establishes the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program to address the cybersecurity workforce gap.

CA AB 581
Status: Pending
Requires all state agencies, as generally defined, to review and implement specified National Institute of Standards and Technology (NIST) guidelines for, among other things, reporting, coordinating, publishing, and receiving information about a security vulnerability relating to information systems and the resolution thereof, no later than specified date.

CA AB 1980
Status: Pending
Relates to the statute of limitation and ransomware. Requires prosecution for that offense to commence within 3 years after the person is initially identified by law enforcement as a suspect in the commission of that offense, as specified.

CA AB 2001
Status: Pending
Authorizes a licensee under the California Financing Law (CFL) to designate an employee, when acting within the scope of employment, to perform work on the licensee's behalf at a remote location, as defined, if the licensee takes certain actions, including that the licensee prohibits a consumer's personal information from being physically stored at a remote location except for storage on an encrypted device or encrypted media.

CA AB 2135
Status: Pending
Requires state agencies to adopt and implement information security and privacy policies, standards, and procedures based upon standards issued by the National Institute of Standards and Technology and the Federal Information Processing Standards. Requires to certify, to the President pro Tempore of the Senate and the Speaker of the Assembly that the agency is in compliance with all adopted policies, standards, and procedures and to include a plan of action and milestones.

CA AB 2154
Status: Pending
Requires the board to report specified information to the Assembly Committee on Insurance and the Senate Committee on Insurance within 60 days of the request if the board of CIGA asks the California Infrastructure and Economic Development Bank to issue bonds, and annually thereafter while the bond remain outstanding. Specifies that obligations under a policy issued to cover cybersecurity are covered claims.

CA AB 2190
Status: Pending
Relates to the Office of Information Security in the Department of Technology and requirement for such office to be under the direction of a chief. Requires the chief to submit an annual statewide information security status report to the Assembly Committee on Privacy and Consumer Protection and the Senate Governmental Organization Committee, as described.

CA AB 2355
Status: Pending
Requires a school district, county office of education, and charter school to report any cyberattack, as defined, impacting more than 500 pupils or personnel to the California Cybersecurity Integration Center.

CA AB 2695
Status: Pending
Requires the statewide cybersecurity strategy to increase opportunities to meet the cybersecurity workforce demand.

CA SB 154
Status: Enacted
Makes appropriations for the support of the government of the State of California, including funding to establish and operate the Office of Elections Cybersecurity and for other cybersecurity programs.

CA SB 183
Status: Pending
Revises and recasts various provisions of the Higher Education Student Housing Grant Program, as provided, including various revisions to application criteria and process. Appropriates specified amount from the General Fund for grants under the program to be allocated, as specified. Appropriates specified amount from the General Fund for the purpose of providing planning grants for California community colleges that are exploring or determining if it is feasible to offer affordable student rental housing.

CA SB 468
Status: Pending
Includes an electromagnetic pulse attack among those conditions constituting a state of emergency or local emergency.

CA SB 844
Status: Pending
Establishes a program to award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments. Requires the center to create four reports, to be delivered to the Legislature. Relates to federal State and Local Cybersecurity Improvement Act.

CA SB 892
Status: Pending
Requires the Office of Emergency Services to develop, propose, and adopt optional reporting guidelines applicable to companies and cooperatives in the food and agriculture industry and entities in the water and wastewater systems industry if they identify a significant and verified cyber threat or active cyberattack. Requires a report of cyberattack or cyber threat submitted pursuant to guidelines developed pursuant to these provisions to be confidential and would prohibit disclosure as a public record.

CA SB 1001
Status: Pending
Requires the center, to submit to the Legislature, as specified, a report on the feasibility and benefits of requiring credit reporting bureaus and lenders to implement new information security tactics that protect consumers from financial fraud, including requiring credit reporting bureaus or lenders to use multifactor authentication each time a new line of credit is opened or a credit report is accessed, and specified tactics related to using alternatives to social security numbers as authenticators.
Colorado
CO HB 1404
Status: Failed -
Concerns the Colorado critical infrastructure resiliency initiative.
Florida
FL HB 1147
Status: Failed
Relates to critical infrastructure standards and procedures, requires and encourages agency asset owners procuring certain components, services, or solutions or entering into contracts to require conformance with certain standards, requires agency asset owners to ensure that contracts require meet certain minimum standards, encourages asset owners to ensure that operation and maintenance of operational technology conform to certain standards and practices.

FL HB 1287
Status: Failed
Relates to public records/information held by a utility owned or operated by a unit of local government, provides exemption from public records requirements for certain information held by utility owned or operated by unit of local government, provides applicability, provides for future legislative review and repeal of exemption, provides statement of public necessity.

FL HB 2203
Status: Failed
Provides an appropriation for the CyberResilience, Security Leadership and Disaster Recovery.

FL HB 5001
Status: Enacted
Makes appropriations, provides moneys for the annual period beginning on specified date, and ending on specified date, and supplemental appropriations for the period ending on specified date, to pay salaries and other expenses, capital outlay buildings and other improvements, and for other specified purposes of the various agencies of state government.

FL HB 5003
Status: Enacted
Implements the 2022-2023 General Appropriations act, incorporates by reference certain calculations of the Florida Education Finance Program, provides that funds for instructional materials must be released and expended as required in the General Appropriations Act, extends for 1 fiscal year specified charter school capital outlay funding provisions, provides for the future expiration and reversion of specified statutory text.

FL HB 7019
Status: Failed
Relates to Open Government Sunset Review Act (OGSR)/technology systems/state university or a State college system institution, removes scheduled repeal of exemption from public records requirements for certain records held by state university or fcs institution relating to information technology security incidents and certain portions of risk assessments, evaluations, audits, and other reports of universityo or institutions information technology security program.

FL HB 7055
Status: Enacted
Relates to cybersecurity, requires the Department of Management Services, acting through the Florida Digital Service, to develop and publish guidelines and processes for reporting cybersecurity incidents, requires state agencies to report ransomware incidents and certain cybersecurity incidents to certain entities within specified timeframes, requires the Cybersecurity Operations Center to provide certain notifications to the Legislature within a specified timeframe.

FL HB 7057
Status: Enacted
Relates to public records and public meetings, provides an exemption from public records requirements for certain information related to a cybersecurity incident or ransomware incident held by a local government, state agency, or sheriff.

FL PCB 6073
Status: Failed -
Relates to cybersecurity, requires a list of reportable incidents maintained by the Division of Emergency Management to include cybersecurity incidents and ransomware incidents.

FL PCB 6075
Status: Failed -
Relates to public records and public meetings, provides an exemption from public records requirements for certain information related to a cybersecurity incident or ransomware incident held by a local government, state agency, or sheriff.

FL SB 828
Status: Failed
Relates to critical infrastructure.

FL SB 1670
Status: Failed
Relates to cybersecurity, requires specified entities to report certain computer attacks to the State Watch Office within the Division of Emergency Management, requires local governments to adopt certain cybersecurity standards by a specified date, requires the Florida Digital Service and the Florida Cybersecurity Advisory Council to develop training requirements and conduct training at certain intervals, prohibits specified offenses concerning ransomware.

FL SB 1694
Status: Failed
Relates to public records/criminal intelligence information or criminal investigative information, provides an exemption from public records requirements for criminal intelligence information or criminal investigative information that reveals means or methods that could allow unauthorized access to any electronic device, software, or network, provides for future legislative review and repeal of the exemption, provides a statement of public necessity.

FL SB 1740
Status: Failed
Relates to Public Records and Public Meetings.
Georgia
GA HR 877
Status: Failed -
Encourages the Department of Education to dedicate personnel, funds, and other resources to state wide outreach efforts to promote and improve cybersecurity education, training, and workforce development.

GA SB 596
Status: Failed -
Relates to emergency management, so as to provide for the creation of the Georgia Cyberforce, provides for a definition, provides for the purpose and duties of the cyberforce, provides for an annual report.

GA SR 741
Status: Failed -
Creates the Senate Study Committee on the Creation of a Georgia Cybersecurity Force.
Hawaii
HI HB 957
Status: Failed -
(Governor Bill Package) Establishes the State Fusion Center as a program under the Office of Homeland Security, establishes the position of State Fusion Center Director.

HI HB 2052
Status: Failed -
Prohibits government agencies, business entities, and health care entities in the state from paying or having another entity pay on its behalf ransom for cyber incidents or cyber ransom or ransomware attacks, requires all agencies and entities to report incidents and attacks to the office of homeland security, establishes penalties for violations.

HI HB 2118
Status: Failed -
Codifies the existing Hawaii State Cybersecurity program, administered by the Office of Homeland Security in partnership with specified entities, to oversee cybersecurity and cyber resiliency matters, eliminates the state cybersecurity, economic, education, and infrastructure security coordinator position.

HI SB 2427
Status: Failed -
Requires manufacturers of lot devices to equip the devices with reasonable security features regarding information collected, unauthorized access, or the destruction or use of the devices.

HI SB 3086
Status: Failed -
(Governor Bill Package) Updates and provides clarification to reflect the existence of the state cybersecurity program, which is administered by the state Office of Homeland Security, eliminates the state cybersecurity, economic, education, and infrastructure security coordinator position.
Idaho
ID HB 621
Status: Enacted
Relates to public records, provides that certain cybersecurity records are exempt from disclosure and to make technical corrections, declares an emergency.

ID HB 667
Status: Failed 
Adds to existing law to provide for program integrity and cross matching requirements, relates to Employment Security Law.
Iowa
IA D 5428
Status: Failed -
Relates to essential corporate purpose cybersecurity.

IA D 5430
Status: Failed -
Relates to affirmative defense cybersecurity.

IA D 5735
Status: Failed -
Relates to cyber ransom public sector.

IA D 6183
Status: Failed -
Relates to cybersecurity simulator.

IA HB 719
Status: Enacted
Relates to standards for data security, and investigations and notifications of cybersecurity events, for certain licensees under the jurisdiction of the Commissioner of Insurance, makes penalties applicable, includes effective date provisions.

IA HB 2288
Status: Failed -
Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes.

IA HB 2302
Status: Failed -
Relates to affirmative defenses for entities using cybersecurity programs.

IA HB 2361
Status: Failed
Establishes the cybersecurity simulation training center at the Iowa State University of science and technology, and makes appropriations.

IA HB 2461
Status: Failed -
Relates to ransomware and provides penalties.

IA HB 2555
Status: Failed -
Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology.

IA HSB 555
Status: Failed -
Relates to affirmative defenses for entities using cybersecurity programs and electronic transactions recorded by blockchain technology.

IA HSB 645
Status: Failed -
Relates to ransomware.

IA HSB 669
Status: Failed -
Establishes the cybersecurity simulation training center at the Iowa State University of Science and Technology.

IA HSB 670
Status: Failed -
Creates a cybersecurity unit within the Office of the Chief Information Officer.

IA HSB 691
Status: Failed -
Prohibits the state or a political subdivision of the state from expending revenue received from taxpayers for payment to persons responsible for ransomware attacks, includes effective date provisions.

IA SB 2049
Status: Failed -
Relates to affirmative defenses for entities using cybersecurity programs and electronic transactions recorded by blockchain technology.

IA SB 2207
Status: Failed -
Prohibits the state and political subdivisions of the state from expending public moneys for payment to persons responsible for ransomware attacks.

IA SSB 3068
Status: Failed -
Modifies the definitions of essential county purpose and essential corporate purpose to include cybersecurity purposes.
Illinois
IL HB 900
Status: Enacted
Appropriates monies to the Department of Commerce and Economic Opportunity, relates to Labor and Employment Relations, relates to Build Illinois Bond fund.

IL HB 1588
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL HB 2869
Status: Pending
Amends the Local Records Act, provides that a unit of local government, acting through its governing board, may authorize the use of technology to execute its duties, or assist in the execution of certain portions of public duties, where those technologies utilize commonly accepted methods of data storage and cybersecurity, and the unit of local government otherwise continues adherence to the Local Records Act.

IL HB 3030
Status: Pending
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.

IL HB 3040
Status: Pending
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this State to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures.

IL HB 3204
Status: Pending
Amends the Information Security Improvement Act, makes a technical change in a section concerning the short title.

IL HB 3536
Status: Pending
Creates the Security of Connected Devices Act, requires manufacturers of connected devices to equip the device with security features that are designed to protect the device and any information the device contains from unauthorized access, destruction, use, modification, or disclosure.

IL HB 3731
Status: Pending
Amends the Department of Innovation and Technology Act, requires the Department of Innovation and Technology to work to ensure the security of the social media and Internet presence of state elected officials and state agencies and, to the extent possible, reserve the use of State government online accounts, whether social media or email, for use only by state officials, state agencies, and employees thereof, to prevent false personation, provides for the adoption of rules, defines false personation.

IL HB 4074
Status: Pending
Creates the Consumers and Climate First Act, provides that it is the policy of the state to transition to 100% clean energy by 2050, amends the Governmental Ethics Act, expands the information required to be provided on a statement of economic interests to include employment by a public utility, amends the Enterprise Zone Act, expands, in provisions relating to High Impact Businesses, the definition of new electric generating facility to include a new utility scale solar power facility.

IL HB 4152
Status: Pending
Amends the School Code to require a school district to report a cyber security attack to the State Board of Education as soon as school personnel determine that a breach of the school district's computer system or network has occurred, amends various Acts relating to the governance of public universities and community colleges in Illinois to require a public university or community college district to report a cyber security attack to the Department of Innovation and Technology as soon as school person.

IL HB 4653
Status: Pending
Creates the Insurance Data Security Law, sets forth provisions concerning an information security program, investigations of cybersecurity events, and notifications of cybersecurity events, provides that the Director of Insurance shall have power to examine and investigate into the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of the Act.

IL HB 4725
Status: Pending
Amends the Public Utilities Act, provides that all public utilities are required to establish a security policy, provides that Commerce Commission staff shall determine entities subject to the attestation and reporting requirements, provides that each entity subject to the attestation and reporting requirements shall provide to the Commission an annual affidavit signed by a senior executive responsible for security of the regulated entity that States the entity has a security policy.

IL HB 5165
Status: Pending
Amends the Freedom of Information Act, modifies the exemptions from inspection and copying concerning cybersecurity vulnerabilities, amends the Department of Innovation and Technology Act, requires a local government official or employee to be chosen to act as the primary point of contact for local cybersecurity issues, amends the Information Security Improvement Act, requires the establishment of a cybersecurity liaison program, provides for cybersecurity training for county and municipal employees.

IL HB 5243
Status: Pending
Creates the Cybersecurity Compliance Act, creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework, prescribes requirements for the cybersecurity program.

IL HB 5248
Status: Pending
Creates the Insurance Data Security Act, requires any person licensed, authorized to operate, or registered as an insurer in accordance with the insurance Laws of this state to conduct a risk assessment of cybersecurity threats, implement appropriate security measures, and no less than annually assess the effectiveness of the safeguards' key controls, systems, and procedures, requires a licensee to develop, implement, and maintain a written information security program based on the licensee's risk.

IL HB 5561
Status: Pending
Appropriates a specified amount from the General Revenue Fund to the Board of Higher Education for a grant to the Institute of Technology to fund the Institute of Technology Cybersecurity Bootcamp program.

IL SB 350
Status: Pending
Amends the Freedom of Information Act, exempts from disclosure risk and vulnerability assessments, security measures, schedules, certifications, and response policies or plans that are designed to detect, defend against, prevent, or respond to potential cyber attacks upon the state's or an election authority's network systems, or records that the disclosure of which would, in any way, constitute a risk to the proper administration of elections or voter registration.

IL SB 3427
Status: Pending
Amends the Department of Employment Security Law of the Civil Administrative Code, requires the Department of Employment Security to consult with private cybersecurity experts on the best practices to identify and prevent fraudulent applications for benefits and fraudulent receipt of benefits under the unemployment insurance program and other programs administered by the Department, requires the Department to maintain a cloud-based system to detect and prevent fraud.

IL SB 3440
Status: Pending
Amends the Criminal Code of 2012, provides that a person also commits computer tampering when he or she knowingly and without the authorization of a computer's owner or in excess of the authority granted to him or her intentionally introduces ransomware onto a computer, computer system, or computer network, provides for penalties.

IL SB 3939
Status: Enacted
Provides that the principal executive officer, or his or her designee, of each municipality with a population of 35,000 or greater and of each county shall designate a local official or employee as the primary point of contact for local cybersecurity issues, provides that each jurisdiction must provide the name and contact information of the cybersecurity designee to the Department of Innovation and Technology Act and update the information as necessary.
Indiana
IN HB 1274
Status: Failed -
Relates to volunteer cyber civilian corps, establishes the State cyber civilian corps program (program), provides that the program includes civilian volunteers who have expertise in addressing cybersecurity incidents and may volunteer at the invitation of the office of technology (office) to provide rapid response assistance to a client in need of expert assistance during a recognition of a potential vulnerability that could lead to a cybersecurity incident.
Kansas
KS HB 2548
Status: Failed -
Implementing additional reporting requirements for informational technology proiects and state agencies and requiring additional information technology security training and status reports.

KS SB 267
Status: Enacted
Makes and concerns appropriations for the fiscal years ending a specified date, authorizes certain transfers, capital improvement projects and fees, imposing certain restrictions and limitations, directs or authorizes certain receipts, disbursements, procedures and acts incidental to the foregoing.
Kentucky
KY HB 474
Status: Enacted
Relates to insurance data security, provides that each licensee shall develop, implement, and maintain a comprehensive written information security program based on the licensees risk assessment that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensees information system.

KY HR 77
Status: Adopted
Urges Congress to take appropriate steps in mitigating cyberattacks and ransomware attacks.

KY SB 298
Status: Enacted
Requires investment advisers to establish written procedures relating to a business continuity and succession plan, requires investment advisers to establishes and implement written physical security and cybersecurity policies and procedures, establishes continuing education requirements for investment adviser representatives on a specified date.
Louisiana
LA SCR 14
Status: Adopted
Establishes the Cybersecurity Redhibition Task Force.
Maryland
MD HB 5
Status: Failed -
Relates to state and local government employees and contractors and cybersecurity training.

MD HB 24
Status: Enacted
Alters certain criteria for the Cybersecurity Public Service Scholarship Program, includes increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, establishes criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students.

MD HB 346
Status: Failed -
Concerns Department of Information Technology, relates to Oversight of Legislative Branch Information Technology.

MD HB 348
Status: Failed -
Concerns the General Assembly and Legislative Branch of State Government, provides for security training, protects security sensitive data.

MD HB 419
Status: Failed -
Codifies the establishment of the Office of Security Management within the Department of Information Technology, the position of State Chief Information Security Officer, and the Maryland Cybersecurity Coordinating Council, alters the membership of the Council, requires each unit of the Legislative Branch or Judicial Branch of State government that uses a certain network to certify certain compliance to the Department by a specified date each year.

MD HB 898
Status: Failed -
Establishes the Office of Domestic Terrorism Response within the State Department of Emergency Management for the purpose of developing strategies and resources to prepare for, prevent, and recover from domestic terrorism activities, requires the office to coordinate with federal, state, and local agencies, consult with the academic community, and work with public health professionals for certain purposes, requires by December 1 each year a report to the General Assembly on the activities of the office.

MD HB 1202
Status: Vetoed
Establishes the Cyber Preparedness Unit in the Department of Emergency Management, establishes certain responsibilities of the Unit, requires local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances, requires the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner, establishes the Cybersecurity Fusion Center in the Department of Emergency Management.

MD HB 1205
Status: Enacted
Requires a certain water or sewer system to, on or before a certain date, assess its vulnerability to a cyber attack, develop a cybersecurity plan if appropriate, and submit a certain report to the General Assembly, authorizes the Water Quality Financing Administration to provide financial assistance to a public water or wastewater system to assess system cybersecurity vulnerabilities and develop a cybersecurity plan, establishes the Local Cybersecurity Support Fund as a special, nonlapsing fund.

MD HB 1284
Status: Failed -
Authorizes a credit against the State income tax for a certain small business that employs 50 or fewer employees for costs incurred by the small business during the taxable year for certain cybersecurity measures undertaken by the small business, makes the credit refundable.

MD HB 1334
Status: Failed -
Establishes the Cybersecurity Workforce Accelerator Program at the University of Maryland Baltimore County to increase the cybersecurity workforce in the State, increase the investment of the State in cybersecurity workforce programs and educational programs at certain institutions, and for other purposes related to the cybersecurity workforce in the State, requires the Department of Commerce and the Maryland Department of Labor to assist in administering the Accelerator Program as necessary.

MD HB 1339
Status: Failed
Authorizes the Department of Emergency Management to take action to reduce the disaster risk and vulnerability of critical infrastructure, establishes the Critical Infrastructure Cybersecurity Grant Program in the Department to leverage certain funds to make cybersecurity improvements to critical infrastructure, alters the duties and staffing requirements of the Public Service Commission to include cybersecurity, authorizes the Office of People's Counsel to retain or hire an expert in cybersecurity.

MD HB 1346
Status: Vetoed
Establishes the Office of Security Management within the Department of Information Technology, establishes certain responsibilities and authority of the Office of Security Management, establishing the Cybersecurity Coordinating Council, requires the Secretary of Information Technology to develop and maintain a statewide cybersecurity strategy, requires certain IT units to certify compliance with certain cybersecurity standards.

MD SB 4
Status: Enacted
Alters certain criteria for the Cybersecurity Public Service Scholarship Program, including increasing the number of years a recipient may hold an award, expanding the qualifying positions for a scholarship recipient to fulfill a work obligation, and establishing criteria for part time students to be eligible for the scholarship, hold an award, and fulfill a work obligation, requires the State Department of Education to provide information on the Program to high school students.

MD SB 107
Status: Failed -
Relates to state government, provides cybersecurity training for state and local government employees and contractors.

MD SB 162
Status: Failed -
Relates to Public Schools with regards to the Cyber Safety Guide and Training Course Development, Implementation, and Reporting.

MD SB 207
Status: Enacted
Establishes certain cybersecurity standards applicable to insurance carriers, including health maintenance organizations and third party administrators, requires a carrier to take certain actions related to cybersecurity, including developing, implementing, and maintaining a certain information security program, identifying certain threats, and establishing a certain incident response plan, requires a carrier to notify the Insurance Commissioner that a cybersecurity event occurred.

MD SB 290
Status: Enacted
Makes the proposed appropriations contained in the State Budget for the fiscal year ending on specified date, in accordance with Article III, Section 52 of the Maryland Constitution, relates to appropriations and budgetary provisions.

MD SB 390
Status: Failed -
Codifies the establishment of the Office of Security Management within the Department of Information Technology, the position of State Chief Information Security Officer, and the Maryland Cybersecurity Coordinating Council, alters the membership of the Council, requires each unit of the Legislative Branch or Judicial Branch of State government that uses a certain network to certify certain compliance to the Department by specified date each year.

MD SB 633
Status: Enacted
Makes alterations to the 9-1-1 Emergency Telephone System in the State, alters the classification of 9-1-1 specialists, authorizes 9-1-1 specialists to seek certain treatment confidentially, requires the Maryland 9-1-1 Board to establish certain procedures governing vacancies on the Board, alters the Powers and duties of the Board with respect to public safety answering point personnel and cybersecurity standards.

MD SB 749
Status: Failed -
Establishes the Maryland 3-1-1 Board to establish requirements, procedures, and standards for the establishment of statewide and county 3-1-1 systems, establishes a statewide 3-1-1 system under the Maryland Department of Emergency Management to provide certain nonemergency information, subject to certain requirements, requires a county to be responsible for certain costs and expenses associated with a county 3-1-1 system.

MD SB 753
Status: Failed -
Establishes the Cybersecurity Workforce Accelerator Program at the University of Maryland Baltimore County to increase the cybersecurity workforce in the State, increase the investment of the State in cybersecurity workforce programs and educational programs at certain institutions, and for other purposes related to the cybersecurity workforce in the State, requires the Department of Commerce and the Maryland Department of Labor to assist in administering the Accelerator Program as necessary.

MD SB 754
Status: Enacted
Establishes the Cyber Preparedness Unit in the Maryland Department of Emergency Management, establishes certain responsibilities of the Unit, requires local governments to report certain cybersecurity incidents in a certain manner and under certain circumstances, requires the State Security Operations Center to notify appropriate agencies of a cybersecurity incident in a certain manner, establishes the Cybersecurity Fusion Center in the Maryland Department of Emergency Management.

MD SB 780
Status: Failed -
Establishes the Office of Security Management within the Department of Information Technology, certain Office positions, and the Maryland Cybersecurity Coordinating Council, establishes certain responsibilities and authority of the Office, centralizes authority and control of the procurement of all information technology for the Executive Branch of State government in the Department of Information Technology.

MD SB 782
Status: Failed
Establishes the Workgroup on the Post Coronavirus Crisis Economic Transition to make recommendations regarding how the State may adjust its economic development and other strategies in the context of changes resulting from crises in certain sectors, requires the Workgroup to submit an interim report on or before a specified date, and a final report on or before a specified date to the Governor and the General Assembly.

MD SB 810
Status: Failed -
Authorizes the Department of Emergency Management to take action to reduce the disaster risk and vulnerability of critical infrastructure, establishes the Critical Infrastructure Cybersecurity Grant Program in the Department to leverage certain funds to make cybersecurity improvements to critical infrastructure, alters the duties and staffing requirements of the Public Service Commission to include cybersecurity, authorizes the Office of People's Counsel to retain or hire an expert in cybersecurity.

MD SB 811
Status: Failed -
Authorizes the Maryland Stadium Authority to issue bonds and, in consultation with the Department of Information Technology, finance projects related to information technology and cybersecurity-related State government infrastructure, establishes an Information Technology and Cybersecurity Infrastructure Fund as a special, non-lapsing fund, establishes a Statewide Reporting Framework and Oversight Commission in the Department.

MD SB 812
Status: Enacted
Establishes the Office of Security Management within the Department of Information Technology and the Maryland Cybersecurity Coordinating Council, centralizes authority and control of the procurement of all information technology for the Executive Branch of State government, exempts meetings of the Council from the Open Meetings Act, requires each unit of the Executive Branch of State government and certain local entities to report certain cybersecurity incidents.
Massachusetts
MA HB 107
Status: Pending
Regulates privacy and technology in education.

MA HB 122
Status: Pending
Relates to cyber procurement insurance.

MA HB 349
Status: Pending
Relates to the security of personal financial information.

MA HB 3132
Status: Pending
Establishes a task force to study the need for increased cyber security within government agencies.

MA HB 3133
Status: Pending
Relates to cybersecurity standards in state contracts or procurements.

MA HB 4514
Status: Pending
Establishes the Massachusetts Information Privacy and Security Act.

MA HB 4720
Status: Pending
Invests in Future Opportunities for Resiliency, Workforce, and Revitalized Downtowns.

MA HD 4731
Status: Pending
Finances the general governmental infrastructure of the Commonwealth.

MA SB 51
Status: Pending
Creates an office of data protection, cybersecurity, and privacy.

MA SB 55
Status: Pending
Relates to cyber crime prevention in schools.

MA SB 2088
Status: Pending
Establishes a Cybersecurity Control and Review Commission.

MA SB 2633
Status: Adopted
Relates to granting the committee on advanced information technology, the internet and cybersecurity until April 30, 2022 within which time to make its final report on certain current Senate and House documents relates to advanced information technology, the internet and cybersecurity.

MA SB 2683
Status: Pending
Authorizes the joint committee on Advanced Information Technology, the Internet and Cybersecurity to make an investigation and study of certain current Senate documents relative to advanced information technology, the internet and cybersecurity matters.

MA SB 2687
Status: Pending
Relates to establishing the Massachusetts Information Privacy and Security Act.

Michigan
MI HB 5036
Status: Enacted
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee.

MI SB 520
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website.

MI SB 672
Status: Pending
Provides for an affirmative defense for covered entities with cybersecurity programs under certain circumstances.

Minnesota
MN HB 4069
Status: Failed -
Relates to state government, appropriates money in the data security account.

MN HB 4125
Status: Failed -
Relates to the financing of State government, appropriates money for certain constitutional offices, State agencies, and Veterans Affairs, modifies data practices provisions, establishes the Office of Enterprise Translations and the language access service account, establishes county and local cybersecurity grants, modifies provisions governing burial grounds and cemeteries, modifies provisions governing military veterans, establishes a Veterans Service Organization grant program.

MN HB 4568
Status: Failed -
Relates to emergency management, protects information and telecommunications technology systems and services during emergencies.

MN SB 3468
Status: Failed -
Relates to state government, appropriates money in the data security account.

MN SB 4002
Status: Failed -
Relates to the financing of state government, appropriates money for certain constitutional offices, state agencies, and Veterans Affairs, modifies data practices provisions, establishes the Office of Enterprise Translations and the language access service account, establishes county and local cybersecurity grants, modifies provisions governing burial grounds and cemeteries, modifies provisions governing military veterans, establishes a Veterans Service Organization grant program.

MN SB 4388
Status: Failed -
Relates to emergency management, protects information and telecommunications technology systems and services during emergencies.
Missouri
MO HB 1878
Status: Enacted
Relates to elections, with penalty provisions, provides that the secretary of state shall have the authority to, at his or her discretion, audit the list of registered voters for any local election authority to ensure accuracy. Provides for cybersecurity reviews and other measures.

MO HB 2436
Status: Failed -
Creates a grant program for employers to enhance cybersecurity.

MO SB 674
Status: Failed -
Relates to grants to employers for the purpose of enhancing cybersecurity.

MO SB 1215
Status: Failed -
Creates provisions relating to a task force on cyber crimes.
Mississippi
MS SB 2530
Status: Vetoed
Establishes the State Enterprise Security Program, for purpose of possible amendment.
Nebraska
NE L 904
Status: Failed -
Appropriates federal funds to the University of Nebraska for an Artificial Intelligence, Cybersecurity, and Holland Computer Center facility.
New Hampshire
NH HB 1277
Status: Enacted
Defines cybersecurity incident and requires that political subdivisions report such incidents to the Department of Information Technology.

NH LSR 546
Status: Pending
Establishes the position of chief information security officer and deputy chief information security officer in the department of information technology.

New Jersey
NJ AB 493
Status: Pending
Requires public agencies report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness.

NJ AB 1450
Status: Pending
Concerns information security standards and guidelines for state and local government.

NJ AB 1671
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.

NJ AB 1703
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ AB 1848
Status: Pending
Requires state employees to receive best cybersecurity practices.

NJ AB 1962
Status: Pending
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.

NJ AB 1979
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.

NJ AB 1980
Status: Pending
Establishes cybersecurity employment grant program for qualified businesses, appropriates funds.

NJ AB 1981
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.

NJ AB 1982
Status: Pending
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.

NJ AB 1983
Status: Pending
Requires municipalities, counties, and school districts to report cybersecurity incidents, provides for reimbursement.

NJ AB 3379
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

NJ AB 4013
Status: Pending
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.

NJ AB 4050
Status: Pending
Provides protections for social media users, creates private cause of action for social media users whose accounts have been hacked and not restored by social media websites under certain circumstances.

NJ AB 4184
Status: Pending
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals.

NJ AB 4444
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.

NJ AJR 66
Status: Pending
Establishes state Cybersecurity Task Force.

NJ AJR 119
Status: Pending
Designates October of each year as Cyber Security Awareness Month.

NJ SB 297
Status: Pending
Provides that every public agency and government contractor shall report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness, provides that the report shall be made within a specified number of hours of when the public agency or government contractor reasonably believes that a cybersecurity incident has occurred.

NJ SB 423
Status: Pending
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the State Big Data Alliance to develop an advanced cyber infrastructure strategic plan.

NJ SB 484
Status: Pending
Requires each government entity in the state to conduct review of cybersecurity infrastructure and make recommendations.

NJ SB 1860
Status: Pending
Creates affirmative defense for certain breaches of security.

NJ SB 2827
Status: Pending
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals.

NJ SJR 12
Status: Pending
Establishes State Cybersecurity Task Force.

New Mexico
NM HB 2
Status: Enacted
Makes general appropriations and authorizing expenditures by state agencies required by law. Provides funding to assist public postsecondary educational institutions and school districts and charter schools in performing risk-based vulnerability management and penetration testing to identify, deter, protect against, detect, remediate and respond to cyber threats and ransomware. Provides that the office of the chief information security officer of the department of information technology will act in an oversight capacity and serve to certify cyber security projects.

NM HB 122
Status: Failed -
Makes an appropriation to the Department of Information Technology for the development of a cybersecurity program for all school districts, charter schools and state special schools and the statewide education technology infrastructure network by the end of fiscal year 2026.

NM SB 98
Status: Failed -
Relates to Cybersecurity Act.
New York
NY AB 322
Status: Pending
Relates to the security of connected devices.

NY AB 535
Status: Pending
Enacts the New York Grid Modernization Act to address the aging infrastructure, establishes the grid modernization program, defines terms, creates the smart grid advisory council, makes related changes.

NY AB 749
Status: Pending
Authorizes continuing care retirement communities to adopt a written cybersecurity policy, requires such policies to be self-certified and approved by the superintendent.

NY AB 3847
Status: Pending
Establishes the crime of disruption of an online public meeting when a person with intent to cause public inconvenience, annoyance or alarm, without lawful authority, and acting through a computer service, he or she disturbs any lawful assembly or meeting of persons open to the public conducted through a computer service, makes such crime a class B misdemeanor.

NY AB 3900
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.

NY AB 3904
Status: To Governor
Relates to critical energy infrastructure security and responsibility.

NY AB 4567
Status: Pending
Establishes the School District Cyber Crime Prevention Services Program to provide school districts with information on strategies, best practices and programs offering training and assistance in the prevention of cyber crimes in school districts or otherwise affecting school districts, provides further that information on eligibility and applications for financial assistance be made available to school districts.

NY AB 4581
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY AB 4640
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY AB 4892
Status: Pending
Creates the crime of cyberterrorism and calculating damages caused by computer tampering, cyberterrorism shall be a class B felony.

NY AB 6774
Status: Pending
Relates to contracts pertaining to information technology cloud services, requires bidders for such contracts to be certified by the federal risk authorization management program.

NY AB 6984
Status: Pending
Establishes civilian cyber security reserve Forces within the New York state militia to be capable of being expanded and trained to educate and protect state, county, and local government entities, critical infrastructure, including election systems, businesses and citizens of the state from cyber attacks, makes related provisions.

NY AB 7983
Status: Pending
Relates to computer-related crimes, Creates the crimes unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.

NY AB 9641
Status: Pending
Amends the Chap 57 of 2005, requires the New York state higher education capital matching grant board to award matching capital grants totaling two million dollars for projects to implement, modify, or otherwise enhance cyber security infrastructure, makes related provisions.

NY AB 9951
Status: Pending
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.

NY AB 9952
Status: Pending
Enacts the Critical Infrastructure Standards and Procedures Act.

NY AB 9995
Status: Pending
Creates a cyber security enhancement fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.

NY SB 118
Status: Pending
Establishes the misdemeanor of interfering in the election process by electronic means.

NY SB 348
Status: Pending
Requires the Department of Education to provide annual notifications to school districts to combat cyber crime.

NY SB 349
Status: Pending
Establishes the school district cyber crime prevention services program.

NY SB 2087
Status: Pending
Amends the Tax Law, relates to a business tax credit for purchase of data breach insurance.

NY SB 2652
Status: Pending
Amends the State Technology Law, requires governmental entities to implement multifactor authentication for local and remote network access.

NY SB 3213
Status: Pending
Directs that state agencies require that procurement of personal computing goods, services and solutions meet the National Institute of Standards and Technology Cybersecurity Framework.

NY SB 3830
Status: Pending
Requires manufacturers of connected devices to equip such devices with reasonable security features.

NY SB 5186
Status: Pending
Relates to computer-related crimes, creates the crimes unlawful disruption of computer services in the first and second degree, unlawful computer access assistance in the first and second degree, unauthorized use of internet domain name or profile, and unlawful introduction of a computer contaminant, allows for a civil action for compensatory damages for victims of such crimes.

NY SB 5410
Status: Pending
Elevates all computer tampering offenses by one degree in severity.

NY SB 5579
Status: Pending
Provides that the Public Service Commission shall have the power to provide for an annual audit of gas corporations and electric corporations relating to the adequacy of cyber security policies, protocols, procedures and protections including, but not limited to, as such policies, protocols, procedures and protections relate to critical energy infrastructure and also to customer privacy.

NY SB 6068
Status: Pending
Establishes a commission to study the European Union's general protection data regulation and the current state of cybersecurity in the state.

NY SB 6154
Status: Pending
Creates a Cyber Security Enhancement Fund to be used for the purpose of upgrading cyber security in local governments, including but not limited to, villages, towns and cities with a population of one million or less, restricts the use of taxpayer moneys in paying ransoms in response to ransomware attacks.

NY SB 6515
Status: Pending
Requires all state agencies to utilize third-party, commercial cloud computing solutions for any new information technology or telecommunications investments on or before a specified date.

NY SB 6806
Status: Pending
Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.

NY SB 7312
Status: Pending
Enacts the "Critical Infrastructure Standards and Procedures (CRISP) Act".

NY SB 7512
Status: Pending
Requires the New York state higher education capital matching grant board to award matching capital grants totaling two million dollars for projects to implement, modify, or otherwise enhance cyber security infrastructure, makes related provisions.

NY SB 9005
Status: Pending
Establishes the Secure Our Data Act, relates to state entities preparing for and protecting against a ransomware attack.
North Carolina
NC HB 1132
Status: Pending
Appropriates funds for cybersecurity improvements at constituent institutions of the University of North Carolina identified as public historically minority-serving institutions.

NC SB 621
Status: Failed -
Appropriates additional funds to support a dedicated North Carolina Defense Cyber Office in the NC Military Business Center.
Ohio
OH HB 116
Status: Pending
Enacts the Computer Crimes Act.

OH HB 230
Status: Pending
Regards the state's information technology systems and shared services, makes an appropriation.

OH HB 432
Status: Pending
Amends section 1347.12, enacts section 125.184 of the Revised Code regarding data breaches on state agency computer systems.
Oklahoma
OK HB 3064
Status: Failed -
Relates to technology, enacts the State Cyber Security Act of 2022, provides for noncodification, provides an effective date.

OK HCR 1017
Status: Failed -
Declares the need for grid modernization technologies and cybersecurity, provides for distribution.

OK SB 1802
Status: Enacted
Relates to multiple versions of statutes, amends, merges, consolidates and repeals multiple versions of statutes. Requires the Information Services Division of the Office of Management and Enterprise Services to create a standard security risk assessment for state agency information technology systems. Provides that a state agency with an IT system that is not consolidated under the Information Technology Consolidation and Coordination Act is required to have an information security audit that is based upon the most current version of the NIST Cyber-Security Framework.
Oregon
OR D 261
Status: Failed -
Modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council.

OR D 295
Status: Failed -
Modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council as governing body of Oregon Cybersecurity Center of Excellence, establishes Oregon Cybersecurity Center of Excellence as independent, nonprofit public corporation charged with overseeing, coordinating, funding and providing cybersecurity education, awareness and training for public, private and nonprofit sectors, cybersecurity workforce development and cybersecurity-related goods and services.

OR HB 4155
Status: Failed
Relate to cybersecurity, modifies composition and duties, powers and functions of Oregon Cybersecurity Advisory Council.
Pennsylvania
PA HB 40
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the joint cybersecurity oversight committee, imposes duties on the office of information technology, provides for administration of statewide radio network, imposes penalties.

PA HB 1362
Status: Pending
Provides for Cybersecurity Coordination Board.

PA HB 1397
Status: Pending
Amends the Public Utility Confidential Security Information Disclosure Protection Act, provides for procedures for submitting, challenging and protecting confidential security information, for applicability to other law and for prohibition.

PA HB 2499
Status: Pending
Provides for insurance data security, establishes penalties.

PA SB 482
Status: Pending
Establishes the Office of Information Technology and the Information Technology Fund, provides for administrative and procurement procedures and for the Joint Cybersecurity Oversight Committee, imposes duties on the Office of Information Technology, provides for administration of Statewide Radio Network, imposes penalties.

PA SB 597
Status: Pending
Provides that beginning no later than 18 months after specified date, a water system operator shall annually submit an asset management plan, including a cybersecurity plan.

PA SB 696
Status: Pending
Provides for the notification of residents whose personal information data was or may have been disclosed due to a security system breach, imposes penalties, further providing for title of act, for definitions and for notification of breach, prohibits employees of the Commonwealth from using nonsecured Internet connections, provides for Commonwealth policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996, provides for notice exemption.

PA SB 726
Status: Pending
Provides for the offense of ransomware, imposes duties on the Office of Administration.

PA SB 1048
Status: Pending
Provides for requirements for multifactor authentication to verify claimants for unemployment compensation benefits.
Rhode Island
RI HB 5200
Status: Pending
Adopts the National Association of Insurance Commissioners Cybersecurity Act which establishes the current cybersecurity standard for insurers doing business in this state.

RI HB 6004
Status: Pending
Relates to elections, relates to mail ballots, entitles disabled and military voters to utilize electronically transmitted ballots.

RI HB 6042
Status: Pending
Relates to elections, authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI HB 6668
Status: Pending
Authorizes the Secretary of State and Board of Elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI HB 7732
Status: Enacted
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI HB 7777
Status: Pending
Relates to the National Association of Insurance Commissioners Model Act regarding data security to establish standards for data security and standards for the investigation of and notification to the commissioner of a cybersecurity event, provides that all documents, materials or other information in the control of the Department of Business Regulation, Division of Insurance furnished by a licensee or that are obtained by the commissioner in an investigation.

RI HB 7883
Status: Pending
Creates a cybersecurity incident response group that would promulgate cybersecurity breach related protocols for agencies and public bodies, require immediate notice of a breach within twenty four hours to the cybersecurity incident response group and the attorney general, and notice to the affected individuals no later than a specified number of days after the discovery of the breach.

RI SB 340
Status: Pending
Establishes that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features.

RI SB 835
Status: Pending
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of our election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.

RI SB 2031
Status: Pending
Would establish that manufacturers of devices capable of connecting to the Internet equip the devices with reasonable security features. This act would take effect on January 1, 2023.

RI SB 2664
Status: Pending
Provides identity theft protections by requiring reporting of breaches by certain municipal and state agencies, requires notice to collective bargaining agents where required and requires an explanation of remediation services.

RI SB 2744
Status: Pending
Adopts the National Association of Insurance Commissioners Model Act regarding data security.

RI SB 2809
Status: Enacted
Authorizes the secretary of state and board of elections to conduct an extensive cybersecurity assessment of election systems and facilities and to establish a cybersecurity review board to review and assess our election system, creates a cybersecurity incident response group to adopt protocols in the event of any agency or public body breaches of cybersecurity.
South Carolina
SC HB 5150
Status: Enacted
Makes appropriations and to provide revenues to meet the ordinary expenses of state government for the fiscal year beginning on a specified date, regulates the expenditure of such funds, provides further for the operation of state government during this fiscal year and for other purposes. Requires all state agencies to adopt and implement cyber security policies, guidelines and standards developed by the Department of Administration. The department may conduct audits on state agencies as necessary to monitor compliance with established cyber security policies, guidelines and standards.
South Dakota
SD HB 1092
Status: Enacted
Appropriates funds for purposes of creating the precision agriculture cybersecurity CyberAg partnership initiative between South Dakota State University and Dakota State University, developing undergraduate and graduate curricula, engaging in research, and providing associated outreach programming and communication to address agricultural security threats.
Tennessee
TN SB 2282
Status: Enacted
Provides that by specified date, or within one (1) year after a utility is formed, whichever is later, a utility shall prepare and implement a cyber security plan to provide for the protection of the utilitys facilities from unauthorized use, alteration, ransom, or destruction of electronic data.
Utah
UT HB 280
Status: Enacted
Creates the Cybersecurity Commission to gather information and share best practices on cybersecurity, repeals the Data Security Management Council, creates the Cybersecurity Commission, directs the appointment of members to the commission, directs the commission to gather information about cybersecurity, authorizes the commission to share information it gathers with the governor, directs the commission to establish guidelines and best practices with respect to cybersecurity protections.

UT HB 457
Status: Failed
Amends provisions related to the protection of personal information.

UT SB 15
Status: Enacted
Amends provisions relating to the Department of Government Operations, permits the Data Security Management Council to hold a closed meeting to conduct business relating to information technology security, modifies provisions relating to rulemaking authority, clarifies provisions relating to the setting of rates and fees, clarifies provisions relating to risk management, modifies provisions relating to the duties of the Division of Archives and Records Services.
Virginia
VA HB 30
Status: Enacted
Relates to Budget Bill, provides for all appropriations of the Budget submitted by the Governor of Virginia in accordance with the provisions of Section 2.2-1509, Code of Virginia, and to provide a portion of revenues for the two years ending respectively on the thirtieth day of June, 2023, and the thirtieth day of June, 2024. Provides funding for the Commonwealth Cyber Initiative (CCI) for resources for faculty recruiting and to the Cybersecurity Public Service Grant Program (the Program) as a public-private initiative for the purpose of attracting to and retaining in qualified employment talented recent graduates and veterans to meet qualified employers' growing demand for cybersecurity professionals.

VA HB 442
Status: Failed
Relates to income tax credit, relates to employers of G3 Program or cybersecurity graduates, creates a nonrefundable individual and corporate income tax credit for employers that hire eligible employees who are graduates of the Get Skilled, Get a Job, Give Back Program (G3 Program) or graduates with a degree in cybersecurity from a Virginia four-year institution of higher education, provides that the credit is available for taxable years 2022 through 2026, is equal to $1,000 per eligible employee hired.

VA HB 466
Status: Failed
Relates to register of volunteer cybersecurity and information technology professionals, directs the Secretary of Administration to establish a register of cybersecurity and information technology professionals interested in volunteering to assist localities and school divisions, in collaborating on workforce development, and in providing mentorship opportunities.

VA HB 1290
Status: Enacted
Relates to public bodies, relates to security of government databases and data communications.

VA SB 764
Status: Enacted
Relates to public bodies, relates to security of government databases and data communications. Requires every public body to report all (i) known incidents that threaten the security of the Commonwealth's data or communications or result in exposure of data protected by federal or state laws and (ii) other incidents compromising the security of the public body's information technology systems with the potential to cause major disruption to normal activities of the public body or other public bodies. Such reports shall be made to the Virginia Fusion Intelligence Center within 24 hours from when the incident was discovered. The Virginia Fusion Intelligence Center shall share such reports with the Chief Information Officer or his designee at the Virginia Information Technologies Agency, promptly upon receipt.
Vermont
VT HB 515
Status: Enacted
Makes various amendments to Vermont law pertaining to banking, securities, and insurance regulation, including with respect to travel insurance, data security, and whistleblower awards and protection.
> Washington
WA HB 1190
Status: Failed -
Fosters economic growth in Washington by supporting emerging businesses in the new space economy.

WA HB 2044
Status: Failed -
Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities.

WA SB 5693
Status: Enacted
Makes 2021-2023 fiscal biennium supplemental operating appropriations, defines certain terms, provides for conditions and limitations on certain appropriations. Provides funding for the security operations center, including identified needs for expanded operations, systems, technology tools, training resources; additional staff dedicated to the cyber and physical security of election operations at the office and county election offices; expanding security assessments, threat monitoring, enhanced security training; and providing grants to county partners to address identified threats and expand existing grants and contracts with other public and private organizations such as the Washington military department, national guard, private companies providing cyber security, and county election offices. Provides funding for cybersecurity initiatives in the workforce education investment account.

WA SB 5916
Status: Failed -
Concerns the protection of critical constituent and state operational data against the financial and personal harm caused by ransomware and other malicious cyber activities.

WA SB 5956
Status: Failed -
Concerns insurance data security.
Wisconsin
WI AB 147
Status: Failed
Imposes requirements related to insurance data cybersecurity, grants rule making authority.

WI AB 818
Status: Failed
Concerns cybersecurity standards for state government entities, grants rule making authority.

WI SB 786
Status: Failed
Concerns cybersecurity standards for state government entities, grants rule making authority.
West Virginia
WV HB 4498
Status: Failed -
Increases the financial penalties in regard to ransomware attacks.

WV SB 529
Status: Enacted
Relates to computer science education in schools, recognizes a need to provide coursework on computational thinking, block based programming, text based programming, network communication, computer architecture, coding, application development, digital literacy, and cyber security, requires the board to update and build upon prior computer science education plans and policy to include additional subject matter, removes obsolete language.
Puerto Rico
PR HR 468
Status: Pending
Orders the House Committee on Finance and Budget to carry out an investigation into the cyber attack caused by ransomware in 2017, causing a state of emergency in the Department of the Treasury.

PR SB 118
Status: Pending
Amends Law 20 of 2017, the Law of the Department of Security, in order to add functions and powers to the Office of Security Information Management, which are essential to really achieve the implementation of the system interoperability of communications and that it has a proper and accurate operation.
Powered by LexisNexis State NetLexisNexis Terms and Conditions

 

Additional Resources