Washington Gov. Jay Inslee last week signed a bill that will add several new layers of governance to the state’s cybersecurity practices, including new advisory boards and giving the state’s Department of Commerce greater authorities over infrastructure security.
The bill, which lawmakers in Olympia passed unanimously earlier this year, creates two new subcommittees to advise the governor’s office and the state chief information officer on cyber policy and incident response strategies, with an emphasis on reactions to ransomware attacks.
The first subcommittee will be made up of members of the state Emergency Management Council, responsible for identifying the statewide, local, tribal and infrastructure sectors that are at greatest risk of compromise. That group will also be tasked with applying federal guidance to state incident response practices and finding inconsistencies between federal and state laws.
The other new subcommittee will be housed in state’s Technology Services Board, which is run out of the Washington Technology Solutions agency. This group — which will be comprised of members appointed by the board’s chair, state CIO Bill Kehoe — is responsible for evaluating emerging cyber threats, identifying gaps in state policies, creating tabletop exercises simulating data breaches and other incidents and developing new best practices for state agencies.
The new law also requires WaTech and the Washington Military Department to deliver an annual report on statewide cybersecurity, beginning this December.
“This new law is about starting the process of integrating cybersecurity into our emergency processes the same way we do with floods, fires, and other emergencies across the state,” the bill’s lead sponsor, state Sen. Matt Boehnke, said in a press release. “We have to look at our infrastructure, look at how we would respond, what are those contingency plans – how do we close the gaps within our agency plans.” (Boehnke is a member of the Technology Services Board, as well.)
The law is set to go into effect July 23.
Under the terms of the new law, the two new subcommittees will meet quarterly and also hold an annual joint meeting. Any reports the panels file will be exempted from Washington’s public-records disclosure law.