STAND. COM. REP. NO.  508-16

 

Honolulu, Hawaii

                , 2016

 

RE:   H.B. No. 2755

      H.D. 1

 

 

 

Honorable Joseph M. Souki

Speaker, House of Representatives

Twenty-Eighth State Legislature

Regular Session of 2016

State of Hawaii

 

Sir:

 

     Your Committee on Veterans, Military, & International Affairs, & Culture and the Arts, to which was referred H.B. No. 2755 entitled:

 

"A BILL FOR AN ACT RELATING TO INCIDENT RESPONSE,"

 

begs leave to report as follows:

 

     The purpose of this measure is to address the constant threat of security breaches and cyber-attacks on the executive departments' computer network system by requiring the Cybersecurity, Economic, Education, and Infrastructure Security Coordinator (Coordinator), in partnership with the Chief Information Officer, to develop and maintain an incident report plan for each executive branch department.

 

     Two concerned individuals supported this measure.  The High Technology Development Corporation supported the intent of this measure.  The Department of Defense and the Office of Enterprise Technology Services submitted comments on this measure.

 

     Your Committee finds that, because of the scope of duties, functions, and responsibilities statutorily assigned to the Office of the Chief Information Officer, the Chief Information Officer is better suited to the task of protecting the executive branch's information and communications network from security breaches and cyber-attack than the Coordinator is.  Accordingly, your Committee has amended this measure by:

 

     (1)  Requiring the Chief Information Officer, rather than the Coordinator, to develop and maintain an incident response plan for each executive branch department;

 

     (2)  Defining "incident response plan" to mean a plan that provides for practices and activities that do not compromise the security of the systems and provides for the ability to:

 

          (A)  Complete vulnerability assessments;

 

          (B)  Identify potential cyber-attacks;

 

          (C)  Mitigate losses from cyber-attacks; and

 

          (D)  Recover quickly and efficiently from cyber-attacks;

 

     (3)  Authorizing the Chief Information Officer to request the assistance of other departments, agencies, and private companies, both inside and outside the State, to carry out the Chief Information Officer's duties; and

 

     (4)  Making technical, nonsubstantive amendments for clarity, consistency, and style.

 

     Further, to fortify the security of the executive branch departments' computer network system, your Committee strongly urges the Chief Information Officer to consider the establishment of a cyber-attack committee, to include the Department of Defense, University of Hawaii, and Department of Education, to recommend security measures and any proposed legislation.

 

     As affirmed by the record of votes of the members of your Committee on Veterans, Military, & International Affairs, & Culture and the Arts that is attached to this report, your Committee is in accord with the intent and purpose of H.B. No. 2755, as amended herein, and recommends that it pass Second Reading in the form attached hereto as H.B. No. 2755, H.D. 1, and be referred to your Committee on Finance.

 

 

Respectfully submitted on behalf of the members of the Committee on Veterans, Military, & International Affairs, & Culture and the Arts,

 

 

		____________________________ KEN ITO, Chair