(TNS) — In response to a foreign cyberattack that crippled the state’s online court system for months, Kansas lawmakers are taking steps to enhance digital security measures. Last year’s attack on the state’s judicial branch exposed vulnerabilities in the state’s cybersecurity.
The Kansas House passed a bill on Monday that aims to bolster cybersecurity and IT protocols across all branches of government.
Earlier this year, Kansas State University also fell victim to a cyberattack, causing certain systems to go offline. A legislative audit conducted in July 2023 revealed that more than half of the 15 state-controlled entities assessed did not adhere to best practices for IT and cybersecurity.
Speaker Pro Tem Blake Carpenter, a Derby Republican and sponsor of the legislation, stressed the importance of addressing cyberattacks due to their costly and data-compromising nature.
“We are witnessing an increase in government cyberattacks resulting in substantial financial losses,” Carpenter said. “This legislation aims to find solutions to fortify our defenses.”
The bill establishes deadlines for state agencies to adhere to rigorous national cybersecurity standards and benchmarks. It mandates audits of these agencies and imposes a 5% budget reduction on those failing to meet data security criteria.
Under the legislation, each branch of government would appoint a chief information security officer to oversee the enforcement of these security protocols. However, four elected offices under the executive branch would maintain their individual security measures.
Rep. Barb Wasinger, a Hays Republican and Chair of the Committee on Legislative Modernization, labeled the bill as a significant milestone in combatting foreign cyber threats but emphasized the need for periodic revisions.
“Cybersecurity is a rapidly evolving field, requiring annual updates to address new challenges,” Wasinger remarked.
Kansas Governor Laura Kelly signed a bill last year to enhance cybersecurity training, response protocols, and security assessments, along with modernizing the state’s security systems and raising public awareness of potential threats.
The House bill also mandates the transition of all state government websites to .gov domains, authorizes the Kansas National Guard to conduct test hackings on executive systems, and necessitates annual cybersecurity training for legislators and government staff.
Carpenter underscored that these measures aim to foster a cultural shift within the state government to prioritize digital security and data protection.
“The human element remains the weakest link in any cyber scenario,” Carpenter added. “Regardless of how robust our IT and security become through this legislation, addressing the human factor is crucial.”
Rep. Nikki McDonald, an Olathe Democrat, voiced support for the bill but raised concerns about the lack of provision for municipalities and school districts. She feared that these entities might struggle financially to implement heightened security measures, especially while already grappling with budget constraints for programs like special education.
©2024 The Kansas City Star. Visit kansascity.com.