The Kansas House advanced a bill Monday that would strengthen cybersecurity and IT measures in all three branches of government.
Kansas State University was also the victim of a cyberattack earlier this year that rendered some of its systems offline. A legislative audit published in July 2023 revealed that more than half of the 15 state-controlled entities studied did not comply with best practices for IT and cybersecurity.
Speaker Pro Tem Blake Carpenter, a Derby Republican who sponsored the legislation, said cyberattacks are not only expensive and time consuming, but compromise sensitive data.
“We’re starting to see the government get attacked a lot more and millions of dollars being paid out,” he said. “We’re wanting to address it within this legislation to find solutions.”
The legislation would establish timelines for state agencies to meet strict national cybersecurity standards and benchmarks. The bill would require mandatory audits of these agencies and penalize those that did not meet data security standards with a 5 percent budget reduction.
The three branches of government would appoint a chief information security officer to oversee the implementation of these security standards, but four elected offices under the executive branch would continue to provide their own security.
Rep. Barb Wasinger, a Hays Republican who chairs the Committee on Legislative Modernization, said the bill represents a huge milestone in protecting against foreign attacks, but it will likely have to be revisited every year.
“No matter what it’s going to have to be amended every year,” she said. “Cybersecurity changes overnight and we can’t possibly anticipate what will happen or what will need to be done.”
Last year, Kansas Democratic Gov. Laura Kelly signed into law a bill authorizing the state to change cybersecurity training, responses and assessment programs; modernize the state’s security systems; and improve public awareness of any threats.
The House bill would also require all state government websites to transfer to .gov domains; authorize the Kansas National Guard to perform test hacks into executive systems; and require annual cybersecurity training for legislators and state government employees.
Carpenter said the measures are attempting to push a cultural change within the state government to emphasize the importance of digital security and data protection.
“The weakest point we will find ourselves in any cyber situation is the human link,” he said. “It doesn’t matter how great we make out IT or security with this legislation if we don’t also address the human factor.”
Rep. Nikki McDonald, an Olathe Democrat, supported the bill but worried that since municipalities and school districts were not mentioned in the legislation, districts would not be able to afford increased security measures, especially since they are already dipping into their budget to fund special education programs.
“Let’s give some thought to the trickle-down cybersecurity that needs to happen across the board,” she said.
©2024 The Kansas City Star. Visit kansascity.com. Distributed by Tribune Content Agency, LLC.