HOUSE OF REPRESENTATIVES

H.B. NO.

1279

TWENTY-EIGHTH LEGISLATURE, 2015

 

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

relating to cybersecurity.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


     SECTION 1.  The legislature finds that the security and stability of our computer infrastructure, both public and private ("cybersecurity"), is critical to our state and national defense.  Cyber attacks are the new reality of modern warfare, and national security experts have warned that the threat of a major cyber attack on our country is very real.  Given that much of our critical infrastructure and security systems are controlled by computers, a successful cyber attack could result in property damage, serious physical injury, or even loss of human life.

     The legislature further finds that while efforts are currently being made to pass federal cybersecurity legislation, our State must take a proactive approach rather than simply await further developments at the national level.  We must act now, to ensure that Hawaii's public and private computer networks, which are responsible for day to day essential services such as electricity, telecommunications, transportation systems, and emergency medical care, are not vulnerable to attack by our enemies at home and abroad.  It is not a question of if Hawaii is attacked, but when.

     Accordingly, the purpose of this Act is to establish a statewide cybersecurity council that will develop and maintain a public-private partnership to protect critical computer infrastructure, develop cybersecurity "best practices", report on its progress to the legislature, and cooperate with its future federal counterpart and/or any related federal entity, as appropriate.

     SECTION 2.  Title 10, Hawaii Revised Statutes, is amended by adding a new chapter to be appropriately designated and to read as follows:

"CHAPTER

CYBERSECURITY

     §   -1  Statewide cybersecurity council established; duties; reports.  (a)  There is established a statewide cybersecurity council within the department of defense for administrative purposes only.  Members of the council shall be appointed no later than September 1, 2015, by the governor without regard to section 26-34 and shall be composed of representatives appointed from the following entities:

     (1)  The department of defense;

     (2)  The department of commerce and consumer affairs;

     (3)  The department of health;

     (4)  The department of transportation;

     (5)  The University of Hawaii;

     (6)  The legislature; provided that the heads of the respective houses shall each appoint a member of its body to the council;

     (7)  The judiciary; provided that the chief justice shall appoint a representative of the judiciary to the council;

     (8)  The four counties; provided that the mayor of each respective county shall appoint a representative of their respective county to the council;

     (9)  The intelligence community;

    (10)  Sector-specific state agencies, as appropriate; and

    (11)  State agencies responsible for regulating the security of critical cyber infrastructure, as appropriate.

     The head of the department of defense shall serve as chair of the council.

     (b)  No later than January 1, 2016, the council shall submit to the legislature a report of the council's identification and assessment of critical computer infrastructure, as well as recommendations on incentives that will encourage the relevant private sectors to voluntarily strengthen their computer infrastructure.

     (c)  No later than June 30, 2016, the council shall identify cybersecurity "best practices" after consultation with the affected private sectors and with input from the public.  Such "best practices" shall include, but not be limited to, provisions that protect critical computer systems from physical and virtual harm, protect the privacy and security of data stored on such systems, and provide for monitoring and defense against cybersecurity threats and timely reporting of such threats to state and federal authorities.

     (d)  The council shall evaluate, on an annual basis, the efficacy of such cybersecurity "best practices", the extent to which the affected private sectors have voluntarily adopted such practices, and whether there is a need for additional incentives to achieve voluntary compliance with such practices.  The council shall report its findings annually to the legislature, no later than twenty days prior to the convening of the regular session of 2017 and each year thereafter.

     (e)  The council shall coordinate its cybersecurity efforts in conjunction with its equivalent federal counterpart and any related federal entity, as appropriate."

     SECTION 3.  This Act shall take effect on July 1, 2015.

 

INTRODUCED BY:

_____________________________

 

 


 


 

Report Title:

Cybersecurity; Statewide Cybersecurity Council

 

Description:

Establishes a statewide cybersecurity council to identify and assess critical computer infrastructure and make annual recommendations to the legislature.

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.