House Status:
Senate Status:
Senate Status:
Minutes for SB342 - Committee on Ways and Means
Short Title
Enacting the Kansas cybersecurity act.
Minutes Content for Thu, Feb 1, 2018
Chairperson McGinn opened the hearing on SB 342. Jill Wolters provided an overview of the bill and responded to questions from Committee members. (Attachment 1)
Joe Acosta spoke as a proponent of the bill. Mr. Acosta provided a brief history of recent attempts to ensure cyber security that led to this bill. The risks are high and last year the State had a significant event that resulted in personal information being released. His organization has developed a Transformation Plan that will move the State forward to cover security gaps. They are currently working to close the gaps but they need help in areas such as user awareness and developing a qualified cybersecurity workforce. Mr. Acosta also discussed the National Conference of State Legislatures report Budgeting for Cybersecurity, which was provided to Committee members. Mr. Acosta responded to questions from Committee members. (Attachment 2) (Attachment 3)
Eric Sweden provided an overview of cybersecurity efforts throughout the country. Cyber threats are only going to continue to increase and states need to understand that it's not just about cybersecurity but about business risk. Every year his organization asks state CIOs for their top priorities, which they compile into a single priority list, and for the last five years security has been the number one item. Governors and state officials are paying more attention to cyber risk and a formal strategy can lead to more resources. (Attachment 4) (Attachment 5)
James Lundsted testified orally regarding the role each person plays in cybersecurity. The State needs leadership and consistent policy to help employees understand their role in securing information. Mr. Lundsted responded to questions from Committee members.
Written testimony in support of the bill was submitted by:
Rod Blunt, Deputy Chief Information Security Officer, Office of Information Technology Services (Attachment 6)
Jeff Maxon, Information Assurance Manager, Office of Information Technology Services (Attachment 7)
Adrian Guerrero, Kansas State Board of Nursing (Attachment 8)
Alan Conroy spoke as a neutral conferee. While he is supportive of efforts to improve cybersecurity, the KPERS program has already made cybersecurity a very high priority and have had a positive response for their efforts in an audit done by Legislative Post Audit. He included a proposed amendment in his testimony that would exempt KPERS from the bill. Mr. Conroy responded to questions from Committee members. (Attachment 9)
Kathleen Selzler Lippert testified as a neutral conferee and included proposed amendments in her testimony. She has had an opportunity to collaborate with the Office of Information Technology Services (OITS) to address concerns she had about a similar bill proposed last year. Her agency deals with medical records so cybersecurity is mission critical and they want to be good stewards of that information. She requested to have her appropriation authority be commensurate with the cost of the additional security requirements. (Attachment 10)
Alexandra Blasi testified as a neutral conferee. She worked with OITS on the concerns her organization had and understands the intent and goals of the bill. Her remaining concerns involve project prioritization for the smaller organizations and clarifying background check language. (Attachment 11)
Written testimony neutral to the bill was submitted by:
Amanda Stanley, League of Kansas Municipalities (Attachment 12)
There being no further conferees, Chairperson McGinn closed the hearing on SB 342.