Public Agency Cyber Security Act

Summary: The Public Agency Cyber Security Act prohibits public agencies from using hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems, such as products from Kaspersky Lab.

Based upon Virginia SB 1233 (2019)

SECTION 1. SHORT TITLE

This Act shall be called the “Public Agency Cyber Security Act.”

SECTION 2. FINDINGS AND PURPOSE

(A) FINDINGSThe legislature finds that:

  1. It is essential to provide for the security of government electronic information from unauthorized uses, intrusions or other security threats.
  2. Government computer systems and information assets are under continual attack from both domestic and foreign hackers, and some of these efforts appear to be directed by foreign governments.
  3. State and local governments hold a great deal of confidential data about residents, and security breaches can do great damage to individuals, businesses and the governments themselves.
  4. The U.S. Department of Homeland Security bans certain products from use by federal agencies for security reasons. Our own agencies should follow their lead.

(B) PURPOSEThis law is enacted to help improve security for confidential information held by public agencies.

SECTION 3. PROHIBITION

After section XXX, the following new section XXX shall be inserted:

(A) DEFINITIONS—In this section:

“Public agency” means any legislative body; any court; any authority, board, bureau, commission, district, or agency of the state; any political subdivision of the state, including counties, cities, and towns, city councils, boards of supervisors, school boards, planning commissions, and governing boards of institutions of higher education; and other organizations, corporations, or agencies in the state supported wholly or principally by public funds. “Public agency” includes any committee, subcommittee, or other entity however designated of the public agency or formed to advise the public agency, including those with private sector or citizen members.

(B) BANNED COMPUTER HARDWARE, SOFTWARE

No public agency may use, whether directly or through work with or on behalf of another public agency, any hardware, software, or services that have been prohibited by the U.S. Department of Homeland Security for use on federal systems.

(C) ADDITIONAL DUTIES OF THE [CHIEF INFORMATION OFFICER]

For the security of government information, the [Chief Information Officer] shall promptly notify all public agencies about hardware, software, or services that have been prohibited pursuant to this section.

SECTION 4. EFFECTIVE DATE

This law shall become effective on July 1, 20XX.

 

Next >
< Previous
SHARE