In the past few months, Pennsylvania has suffered several data-related mishaps: a cyberattack on the Aliquippa water authority in October, an accidental data deletion in early January, and a cyberattack on Monday is still disrupting the state’s court system.
To combat the growing threat of cyberattacks and strengthen the state’s cybersecurity, lawmakers plan to introduce legislation that would elevate the state’s chief information officer to a cabinet-level position, a move that could streamline the decision-making process and better protect sensitive data.
“We believe that by elevating the CIO to a cabinet-level position, we are not just protecting data, we are securing the future of the commonwealth’s technological landscape,” Sen. Kristin Phillips-Hill, one of the bill’s co-sponsors, said in a video posted to YouTube. “It is time to empower our CIO to lead with agility, ensuring the resilience and efficiency of our state’s IT services. For years, the Wolf administration and now the Shapiro administration tell us everything is fine, when the status quo is clearly not working.”
As a Cabinet member, Phillips-Hill said, Pennsylvania’s CIO would have more autonomy to make swift decisions needed to address urgent cyber incidents, reducing bureaucratic barriers that sometimes can block quick and efficient responses from the state.
If the bill passes, Pennsylvania would join more than half of states nationwide that have elevated their CIOs into gubernatorial cabinets, according to the National Association of State CIOs, which gives them direct approval authority over technology plans throughout their states.
“The sheer growing scope of responsibility that the Chief Information Officer is tasked with alone warrants evaluation to the cabinet-level,” Tracy Pennycuick, who is also sponsoring the bill, said in a similar video. “This move will give the officer more flexibility to ensure that state government is on the cutting edge of the latest information technology, delivery of services and protecting our systems from cybersecurity threats.”
Pennsylvania’s Senate Communication and Technology Committee, chaired by Pennycuick, held a public hearing with state officials and IT experts on Wednesday about the data lost earlier this year when a state employee accidentally deleted records from the Pennsylvania State Police’s evidence logs and the state’s employee retirement system.
Pennsylvania CIO Amaya Capellan late last month approved an emergency procurement by Shapiro’s administration to hire an IT crisis firm for a 30-day, $530,000 contract to help the state recover.
In addition to moving the CIO into Shapiro’s Cabinet, the bill would also improve the management of sensitive data stored on the state’s servers, including birth and death records, tax information, criminal lab and evidence data and health records, according to Pennsylvania’s Republican state senators.