|
HOUSE OF REPRESENTATIVES |
H.B. NO. |
2755 |
|
TWENTY-EIGHTH LEGISLATURE, 2016 |
|
|
|
STATE OF HAWAII |
|
|
|
|
|
|
|
|
||
|
|
||
A BILL FOR AN ACT
relating to incident response.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. The legislature finds that the State is under constant threat of security breaches and cyber attacks. The State's executive department computer networks provide and control critical services to all of the State's residents. These networks are responsible for operations of the State's financial services, telecommunications, agricultural operations, legal affairs, transportation system, educational and career development programs, health care systems, and public safety response. Protection of these systems is of the utmost importance for the State.
The legislature further finds that an incident response plan for each State department prepares the departments to respond in the event a cyber attack occurs. The Hawaii cybersecurity, economic, education, and infrastructure security coordinator oversees cybersecurity and cyber resiliency matters in the State. The legislature further finds that the cybersecurity, economic, education, and infrastructure security coordinator must protect the State through an incident response plan for each executive department in the State that shall work in concert as a comprehensive statewide plan.
The purpose of this Act is to require the cybersecurity, economic, education, and infrastructure security coordinator to develop and maintain an incident response plan to cyber attacks for each executive department in the State.
SECTION 2. Section 128B-1, Hawaii Revised Statutes, is amended to read as follows:
"[[]§128B-1[]] Cybersecurity,
economic, education, and infrastructure security coordinator; powers and duties.
(a) There is established the full-time Hawaii cybersecurity, economic,
education, and infrastructure security coordinator to oversee cybersecurity and
cyber resiliency matters, including cybersecurity, economic, education, and
infrastructure security for the State. The coordinator shall be placed within
the state department of defense.
(b) The coordinator shall be selected by the state adjutant general based on the recommendations of the various agencies, departments, and private entities that will partner with the coordinator.
(c) The coordinator shall partner with representatives from the following entities:
(1) The Hawaii fusion center;
(2) The Hawaii state cyber resiliency center;
(3) Federal government agencies;
(4) State government agencies;
(5) The counties of the State;
(6) Institutions of higher education; and
(7) Other entities within the power, water, communications, transportation, and finance sectors, including public utilities, private telecommunications companies, airlines, financial institutions, and private information technology companies.
(d) Notwithstanding any law to the contrary, the coordinator, through its various partnerships, shall develop the requirements and methods for:
(1) Improving cyber resiliency within the State through the development of a structure that shall include education, cybersecurity, and critical infrastructure protection;
(2) Improving the State's critical infrastructure network and resiliency, including identifying interdependencies of critical infrastructures, points of connection between critical infrastructures, the most critical nodes, and the cascading effects of a cyber-attack on these points of connection between critical infrastructure;
(3) Improving the State's cybersecurity by using existing resources within the State;
(4) Examining specific requirements and actions to accelerate the growth of the cybersecurity industry in the State;
(5) Defining the requirements and opportunities to secure state, federal, and private moneys for cybersecurity activities and related educational programs;
(6) Forming partnerships to implement cyber resiliency structures and protocol to identify and share information about possible cyber-attacks and mitigate damage and recover quickly and efficiently from cyber-attacks; and
(7) Expanding the State's cybersecurity and cyber resiliency understanding and workforce through education.
(e) Using the requirements and methods developed under subsection (d), the coordinator, in partnership with the chief information officer, shall develop and maintain an incident report plan for each executive department.
[(e)] (f) The coordinator may
request the assistance of other departments, agencies, and private companies,
both inside and outside of the State to carry out its duties.
[(f)] (g) For the purposes of
this section:
"Coordinator" shall mean the Hawaii cybersecurity, economic, education, and infrastructure security coordinator.
"Cyber resiliency" shall mean the ability to complete vulnerability assessments, identify potential cyber-attacks, mitigate losses from cyber-attacks, and recover quickly and efficiently from cyber-attacks."
SECTION 3. Statutory material to be repealed is bracketed and stricken. New statutory material is underscored.
SECTION 4. This Act shall take effect upon its approval.
|
INTRODUCED BY: |
_____________________________ |
|
|
|
Report Title:
Cybersecurity; Incident Response Plan.
Description:
Requires the cybersecurity, economic, education, and infrastructure security coordinator to develop and maintain an incident response plan to cyber-attacks for each executive department in the State.
The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.