SB694 (2020) Detail

(New Title) relative to recommended minimum cybersecurity standards for municipalities and making an appropriation therefor.


SB 694-FN-A - AS AMENDED BY THE SENATE

 

03/12/2020   1091s

2020 SESSION

20-2812

06/04

 

SENATE BILL 694-FN-A

 

AN ACT relative to recommended minimum cybersecurity standards for municipalities and making an appropriation therefor.

 

SPONSORS: Sen. Dietsch, Dist 9; Sen. Levesque, Dist 12; Sen. Chandley, Dist 11; Sen. Rosenwald, Dist 13; Sen. Morgan, Dist 23; Rep. Ebel, Merr. 5; Rep. Balch, Hills. 38

 

COMMITTEE: Election Law and Municipal Affairs

 

─────────────────────────────────────────────────────────────────

 

AMENDED ANALYSIS

 

This bill:

 

I.  Requires the department of information technology to recommend minimum cybersecurity standards for political subdivisions.

 

II.  Requires political subdivisions to report cybersecurity incidents to the New Hampshire cyber integration center.

 

III.  Makes an appropriation to the department of information technology.

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

03/12/2020   1091s 20-2812

06/04

 

STATE OF NEW HAMPSHIRE

 

In the Year of Our Lord Two Thousand Twenty

 

AN ACT relative to recommended minimum cybersecurity standards for municipalities and making an appropriation therefor.

 

Be it Enacted by the Senate and House of Representatives in General Court convened:

 

1  New Paragraph; Department of Information Technology; Duties of Commissioner.  Amend RSA 21-R:4 by inserting after paragraph XX the following new paragraph:

XXI.  Recommending minimum cybersecurity standards for political subdivisions, based on CIS controls, as established and maintained by the Center for Internet Security.  The department shall:

(a)  Publish recommended minimum cybersecurity standards for political subdivisions, to be updated annually.

(b)  Designate the New Hampshire cyber integration center to coordinate incident response of cybersecurity incident reports from political subdivisions.  

2  New Paragraph; Department of Information Technology; Definitions.  Amend RSA 21-R:1 by inserting after paragraph II the following new paragraph:

III.  “Cybersecurity incident” means an occurrence that actually or potentially:

(a)  Jeopardizes the confidentiality, integrity, or availability of an information system;

(b)  Jeopardizes the information the system processes, stores, or transmits; or

(c)  Constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

3  New Section; Duties of Towns; Cybersecurity.  Amend RSA 31 by inserting after section 103-a the following new section:

31:103-b  Cybersecurity.  The governing body, chief administrative officer, or the designee of any political subdivision who knows of or suspects a cybersecurity incident within such political subdivision, or within any vendor acting as an agent of the political subdivision, shall immediately report such incident, upon discovery, and shall disclose all known information and interactions to the New Hampshire cyber integration center of the department of information technology.

4  Department of Information Technology; Appropriation.  The sum of $1 for the fiscal year ending June 30, 2021 is hereby appropriated to the department of information technology.  The governor is authorized to draw a warrant for said sum out of any money in the treasury not otherwise appropriated.

5  Effective Date.  This act shall take effect 60 days after its passage.

 

LBAO

20-2812

Amended 5/18/20

 

SB 694-FN-A- FISCAL NOTE

AS AMENDED BY THE SENATE (AMENDMENT 2020-1091s)

 

AN ACT relative to recommended minimum cybersecurity standards for municipalities and making an appropriation therefor.

 

FISCAL IMPACT:      [ X ] State              [    ] County               [    ] Local              [    ] None

 

 

 

Estimated Increase / (Decrease)

STATE:

FY 2020

FY 2021

FY 2022

FY 2023

   Appropriation

$0

$1

$0

$0

   Revenue

$0

$0

$0

$0

   Expenditures

$0

$0

$0

$0

Funding Source:

  [ X ] General            [    ] Education            [    ] Highway           [    ] Other

 

METHODOLOGY:

This bill requires that the Department of Information Technology (DOIT) recommend minimum cybersecurity standards for political subdivisions, based on CIS controls, as established and maintained by the Center for Internet Security.  The DOIT shall:

 

(a)  Publish recommended minimum cybersecurity standards for political subdivisions, to be updated annually.

(b)  Designate the New Hampshire cyber integration center to coordinate incident response of cybersecurity incident reports from political subdivisions. 

 

The bill defines a "cybersecurity incident".  The bill requires the governing body, chief administrative officer or designee of any political subdivision that knows of or suspects a cybersecurity incident within such political subdivision, or within any vendor acting as an agent of such political subdivision, to immediately report such incident to DOIT.  The bill appropriates $1 to the DOIT for the fiscal year ending June 30, 2021.

 

AGENCIES CONTACTED:

Department of Information Technology

 

Links

SB694 at GenCourtMobile
SB694 Discussion

Action Dates

Date Body Type
Feb. 12, 2020 Senate Hearing
March 12, 2020 Senate Floor Vote
March 11, 2020 Senate Floor Vote
March 11, 2020 Senate Floor Vote

Bill Text Revisions

SB694 Revision: 8344 Date: May 18, 2020, 5:36 p.m.
SB694 Revision: 8028 Date: Jan. 29, 2020, 7:49 a.m.

Docket

Date Status
Jan. 8, 2020 Introduced 01/08/2020 and Referred to Election Law and Municipal Affairs; SJ 2
Feb. 12, 2020 Hearing: 02/12/2020, Room 102, LOB, 09:30 am; SC 6
March 11, 2020 Committee Report: Ought to Pass with Amendment # 2020-1091s, 03/11/2020; SC 10
March 12, 2020 Committee Report: Ought to Pass with Amendment # 2020-1091s, 03/12/2020; SC 10
March 12, 2020 Special Order to 03/12/2020, Without Objection, MA; 03/11/2020 SJ 6
March 12, 2020 Committee Amendment # 2020-1091s, AA, VV; 03/12/2020; SJ 7
March 12, 2020 Ought to Pass with Amendment 2020-1091s, MA, VV; Refer to Finance Rule 4-5; 03/12/2020; SJ 7
June 16, 2020 Vacated from Committee and Laid on Table, MA, VV; 06/16/2020 SJ 8
June 16, 2020 No Pending Motion; 06/16/2020 SJ 8