CS/CS/HB 1555 (Giallombardo) and CS/SB 1662 (Collins) make several changes to the State Cybersecurity Act (Act). The bills revise the reporting timelines and requirements for the “Cybersecurity Operations Center,” adding additional requirements for the state chief information officer and the chief information security officer. CS/CS/HB 1555 requires the Cybersecurity Operations Center to immediately notify the Department of Law Enforcement and the state chief information officer of an incident. The state chief information officer will be required to notify the President of the Senate and the Speaker of the House. The bills require the Cybercrime Operations Center to notify the Cybercrime Office of the Department of Law Enforcement of any incidents, provide regular reports and provide aid to investigate the incident. The bills require the Cybersecurity Operations Center to provide a consolidated incident report to the Governor, the Attorney General and the Executive Director of the Department of Law Enforcement by the 30th day after the end of each quarter. 

Local Government Incident Notification:

The bills require local governments to immediately notify the Cybercrime Office in the Department of Law Enforcement and the local sheriff who is responsible for receiving notification of a cybercrime incident in a local jurisdiction. Further, the bills require immediate notification to the state chief information security officer. Once a notification has been made to appropriate parties, the status and continued reporting updates are required to the local sheriff until there is no further risk to the public or other critical state systems. (Wagoner)