SENATE BILL REPORT
SB 5619
As of February 6, 2023
Title: An act relating to establishing a cybersecurity governance framework within state government.
Brief Description: Establishing a cybersecurity governance framework within state government.
Sponsors: Senators Liias, Boehnke, Hunt, Nguyen and Torres.
Brief History:
Committee Activity: Environment, Energy & Technology: 2/08/23.
Brief Summary of Bill
  • Establishes the Cybersecurity Advisory Committee as a subcommittee of the Emergency Management Council.
  • Creates the Technology Services Board Security Subcommittee within the Technology Services Board.
SENATE COMMITTEE ON ENVIRONMENT, ENERGY & TECHNOLOGY
Staff: Angela Kleis (786-7469)
Background:

Emergency Management Council. The Emergency Management Council (EMC), established within the state Military Department, advises the Governor and the adjutant general on all matters pertaining to state and local emergency management. The EMC must ensure the Governor receives an annual assessment of statewide emergency preparedness, review administrative rules governing state and local emergency management practices, and recommend necessary revisions to the adjutant general.

Technology Services Board. The Consolidated Technology Services Agency, also known as Washington Technology Services (WaTech), supports state agencies as a centralized provider and procurer of information technology (IT) services. Within WaTech, the Office of the Chief Information Officer (OCIO) has primary duties related to IT for state government such as establishing statewide enterprise architecture and standards.

The Technology Services Board (TSB) is created within WaTech. Its specified powers and duties include reviewing and approving standards and policies developed by the OCIO and providing oversight of major IT projects. Membership is composed of legislators and representatives from state and local government and the private sector.

Public Records Act. Under the Public Records Act (PRA), all state and local agencies must make all public records available for public inspection and copying, unless a specific exemption in the PRA or another statute applies. The PRA must be liberally construed and its exemptions narrowly construed to promote a general public policy favoring disclosure.

Summary of Bill:

Advisory Committee. The Cybersecurity Advisory Committee (committee) is established within the EMC to provide advice and recommendations that strengthen cybersecurity in both industry and public sectors across all critical infrastructure sectors. The committee must bring together organizations with expertise and responsibility for cybersecurity and incident response. The committee must meet quarterly.

With regard to critical infrastructure, the committee must work with relevant federal agencies, institutions of higher education, industry experts, and technical specialists for specified purposes such as assessing critical infrastructure not covered by federal law to identify which sectors are at the greatest risk and examining the inconsistencies between state and federal law regarding cybersecurity.

Security Subcommittee. The TSB Security Subcommittee (subcommittee) is created. Membership of the subcommittee consists of a subset of members appointed to the TSB. The chair may make additional appointments to ensure relevant technology sectors are represented. The subcommittee must meet quarterly.

The specified powers and duties of the subcommittee include reviewing emergent cyberattacks and threats to critical infrastructure sectors in order to identify existing gaps in state agency cybersecurity policies and assessing emerging risks to state agency IT. When providing staff support, WaTech must work with certain entities representing technology and government sectors to ensure a holistic approach to cybersecurity in state government.

Collaboration and Joint Report. When fulfilling the duties specified in the bill, the Military Department, the committee, WaTech, and the subcommittee must collaborate with each other. Once a year, the committee and subcommittee must hold a joint meeting.

By December 1, 2023, and each December 1st thereafter, the Military Department and WaTech are jointly responsible for providing a state of cybersecurity report to the Governor and the appropriate committees of the Legislature specifying recommendations considered necessary to address cybersecurity in the state.

Confidentiality. In order to discuss sensitive security topics and information, the committee and subcommittee may hold a portion of their agendas in executive session closed to the public. The reports produced and information compiled by the committee and subcommittee are confidential and may not be disclosed under the PRA.

Appropriation: None.
Fiscal Note: Available.
Creates Committee/Commission/Task Force that includes Legislative members: Yes.
Effective Date: Ninety days after adjournment of session in which bill is passed.