Kansas Gov. Laura Kelly recently signed a bill that aims to improve public awareness of cybersecurity incidents, authorize the state to make changes to cybersecurity training, assessments, and responses, and modernize Kansas cybersecurity systems.
“In today’s digital world, it is essential to ensure cybersecurity measures are in place to protect communities across Kansas,” said Gov. Kelly. “I am pleased to sign House Bill 2019, a bipartisan solution that protects privacy and taxpayer dollars by improving our ability to prevent and respond to cybersecurity attacks.”
A key provision in the bill is a new cybersecurity incident reporting requirement. The new law requires any public entity that suffers a cybersecurity incident to notify the Kansas Information Security Office within 12 hours of discovering the incident.
Any government contractor that experiences an incident involving confidential state info or the integrity or availability of personal or confidential information provided by Kansas, networks or information systems operated by or for the state must notify the Kansas Information Security Office (KISO) within 72 hours. The law also requires the contractor to notify the KISO within 12 hours after it is determined that an incident impacts state data, networks or Information systems. Additionally, if the incident involved election data, then the public entity or contractor would be required to notify the Secretary of State within 12 hours or 72 hours, respectively.
To support the new incident reporting requirements, the new law also requires KISO to provide instructions on its website, prior to October 1, 2023, detailing the submission of the required cybersecurity incident reports. At a minimum, the instructions must include the types of incidents that are required to be reported, and any information that must be included an incident report.
The bill was unanimously voted out of the Kansas State Senate and received a 117-1 vote in the state House of Representatives.
In a statement, Jeff Maxon, interim chief information technology officer, praised the bill’s passage.
“With the passage of HB 2019, the State of Kansas makes significant progress towards safeguarding its systems and data,” he said.
“Through mandatory reporting, the bill increases communication between the State and its public and private partners to ensure that we address cybersecurity in a holistic fashion,” he said. “The bill also helps create a cohesive standard for cybersecurity policy across state agencies. As a steward of citizen data, the State has made cybersecurity is a top priority, and HB 2019 puts in place the necessary resources to protect the citizens of Kansas.”