SENATE BILL REPORT

ESSB 6528

As Amended by House, March 3, 2016

Title: An act relating to promoting economic development through protection of information technology resources.

Brief Description: Enacting the cybersecurity jobs act.

Sponsors: Senate Committee on Trade & Economic Development (originally sponsored by Senators Brown, Sheldon, Dammeier, Parlette, Schoesler, Warnick, Honeyford, Braun, Angel, Hewitt, Miloscia, O'Ban, Becker, Rivers and Rolfes).

Brief History:

Committee Activity: Trade & Economic Development: 1/27/16 [DPS].

Passed Senate: 2/11/16, 49-0.Passed House: 3/03/16, 95-0.

Majority Report: That Substitute Senate Bill No. 6528 be substituted therefor, and the substitute bill do pass.

Signed by Senators Brown, Chair; Braun, Vice Chair; Chase, Ranking Minority Member; Angel, Ericksen and McCoy.

Staff: Jeff Olsen (786-7428)

Background: The Office of the Chief Information Officer (OCIO) is responsible for the preparation and implementation of a strategic information technology (IT) plan and enterprise architecture for the state. The OCIO's duties include standardization and consolidation of IT infrastructure and establishment of IT standards and policies, including state IT security and cybersecurity policies.

Summary of Engrossed Substitute Bill: The OCIO must implement a process for detecting and responding to security incidents. Security incidents include accidental or deliberate events that result in unauthorized access, loss, disruption, or destruction of communication and IT resources. The OCIO must develop plans and procedures to ensure the continuity of operations for IT resources in the event of a security incident.

The OCIO must work with the Department of Commerce and other economic development stakeholders to facilitate the development of a strategy that includes key local, state, and federal assets that will make Washington a national leader in cybersecurity. The OCIO must collaborate with community colleges, universities, the National Guard, the Department of Defense, the Department of Energy, and national laboratories to develop the strategy. The act is known and cited as the Cybersecurity Jobs Act.

Appropriation: None.

Fiscal Note: Available.

Committee/Commission/Task Force Created: No.

Effective Date: Ninety days after adjournment of session in which bill is passed.

Staff Summary of Public Testimony on Original Bill: PRO: F5 Networks is located in Washington, is a world leader in cybersecurity, and wants to offer its expertise and be a partner with the state in its cybersecurity efforts.

OTHER: The OCIO is mostly in support of the concepts in the bill and has provided a few minor technical changes to clarify that the OCIO authority is for state agencies.

Persons Testifying on Original Bill: PRO: Tim Schellberg, F5 Networks.

OTHER: Michael Cockrill, Director, Washington Technology Services.

Persons Signed In To Testify But Not Testifying: No One.

House Amendment(s): Establishes performance metrics for the OCIO to periodically measure the state's performance in achieving the Cybersecurity Jobs Act's goal of making Washington a national leader in cybersecurity, and requires the OCIO to report to the Legislature on the state's performance in achieving these metrics and any recommendations for different metrics by December 1, 2020.