Colorado lawmakers pass cyber bill, clearing the way for new research center

Colorado lawmakers have signed off on an expansive cybersecurity initiative for the state that includes funding for a new cyber education and research center championed by Gov. John Hickenlooper.

The state’s Senate passed H.B. 1453 last week, allocating roughly $8 million for the University of Colorado, Colorado Springs to build a new “National Cybersecurity Intelligence Center,” and establishes a cybersecurity council to advise Hickenlooper as he works to set policy on the subject. The bill now heads to Hickenlooper’s desk for his signature, and it seems likely he’ll put pen to paper on the legislation — after all, state Sen. Kent Lambert told StateScoop that he’s worked with the governor’s office on the bill from the day he first drafted it back in January.

“He mentions this in almost every speech he gives around the state, he’s really hot about it,” Lambert said. “There was overwhelming support for it in the Legislature … It’s one of those things that I think is just very bipartisan.”

Indeed, the bill’s attracted the support of Republicans like Lambert and Democrats like Hickenlooper. The governor has spent the last few months advocating for the creation of the cyber center, first mentioning the project in his “state of the state” address in January.

Hickenlooper envisions the new center working in conjunction with the cybersecurity program at UCCS, containing a cyber academy for students and government officials, a research facility to help encourage investments in cybersecurity companies and a “rapid response” program to help private sector firms respond to breaches and other cyberattacks. Lambert’s bill codifies many of those provisions into law, and gives the university the money it needs to make the center a reality.

“At UCCS, they’ve been pretty well connected to the military and space community in the Colorado Springs area for decades, and I think cyber is a natural growth area for that,” Lambert said. “Within the region there’s a high demand both within industry and the military to increase knowledge and expertise.”

[Read more: Colorado governor presses elected officials to get educated on cybersecurity]

While Lambert noted the university has been able to start making some of these changes without his legislation, he added that the infusion of funding would be a key element in establishing a formal base of operations for the center by renovating a university facility once used as a “top secret building” by a defense contractor.

Once the center can put the finishing touches on the new facility, Lambert anticipates that cybersecurity education will be the “biggest portion” of the group’s mission. Not only will it support the university’s existing cyber curricula, but it will also a contain a “public policy think tank as an academic research center of excellence” on the issue and “establish education, training and academic symposia for government leaders at all levels” on cybersecurity.

Lambert even hopes that the center can start to develop cybersecurity education standards for elementary and high schools, so that they can eventually serve as “feeder institutions” for the university.

“It’s becoming a ubiquitous part of our culture, so getting those good fundamental principles of safety and good practices into our education system is a big part of this,” Lambert said.

But he also sees cyber research as a key part of the center’s mission, and his bill would set up a secure development facility at the center that researchers could use to work with federal government agencies and private firms on the latest innovations in the field.

Yet Lambert said the center’s “rapid response” capabilities would a huge part of building strong ties with the private sector. He envisions it mainly helping smaller banks or utility providers (without robust network defenses) respond to cyberattacks, and he could even see the facility developing the capability to work with the military at some point down the line.

“It’s just a place where industry can meet in a secure environment, they can meet to discuss what’s going on and how do they quickly react to that,” Lambert said.

Though Lambert expects that his legislation’s initial appropriation would go a long way toward funding the new center, he admits he hasn’t heard anything from the governor or the university about what kind of money it might need to sustain its operations in the future. However, he expects that the private sector and federal government will have plenty of motivation to keep the program going through donations or grants.

“They know they need to partner with higher ed to get the personnel to run their businesses,” Lambert said.

He also thinks the new cybersecurity council — which would include state IT officials and public safety leaders, among other members of Hickenlooper’s administration — could help advise the governor on how to best spend money on cyber programs of all shapes and sizes, including the center.

But before the state tackles those problems, Hickenlooper has to actually sign the legislation into law, though Lambert believes that’s merely a formality — he predicts the governor will give his blessing to the bill in the next “two or three weeks,” though Hickenlooper’s office didn’t respond to a request for comment on the bill from StateScoop.

Should he indeed follow through and sign the bill, Lambert feels UCCS is ready to hit the ground running.

“Things will start moving relatively quickly, they’re ready to go on this type of thing,” Lambert said.

Contact the reporter who wrote this story at alex.koma@statescoop.com, or follow him on Twitter at @AlexKomaSNG.