Senator Tony Hwang Touts Advancement of Key Cybersecurity Legislation
May 1, 2019State Senator Tony Hwang (R-28) released the following statement following the Senate’s unanimous and bipartisan passage of SB 709, An Act to Establish a Cybersecurity Task Force, as amended.
Senator Hwang proposed Senate Bill 709 this legislative session to create a task force dedicated to a comprehensive and cooperative approach to cybersecurity 1) within and across state government including military, judicial and administrative services, 2) through relationships with neighboring states and with the federal government, 3) in coordination with the corporate community and broader business sector, and 4) to protect individual data privacy and application security for Connecticut residents.
On February 13th, the Public Safety Committee held a public hearing on SB 709, where Senator Hwang had the opportunity to speak with DESPP Commissioner James Rovella and Connecticut’s Chief Cybersecurity Risk Officer Arthur House, who both offered important testimony, about the current state of affairs as well as what needs to be done to achieve a more secure cyber environment in the state. The bill was amended and created a task force comprised of a nationally recognized membership from government, business, military, academia, judiciary and other cybersecurity related sectors to research, evaluate and propose legislation to best prepare and protect Connecticut against cyber attacks.
“This is an absolutely critical issue for the State of Connecticut and for our nation as a whole. We are constantly under attack, make no mistake about that. We need to create a team of people who are entirely dedicated to the pursuit of a comprehensive cybersecurity ecosystem that includes state and federal government, corporations and small businesses, and our constituents,” said Senator Hwang. “It is in everybody’s best interest to protect our data, proprietary information and national security documents, and the new language in Senate Bill 709 will allow us to study how best to do so. This is new territory. Neither state nor federal government nor the vast majority of the private sector have figured out the best way to protect ourselves from cyber attack in a comprehensive and cooperative manner, and we are on the forefront of that effort.”
“In the digital age we live in, cybersecurity is essential in both the public and private sector,” said DESPP Commissioner James Rovella. “I look forward to bringing as many of the stakeholders together, including DAS/BEST, to improve the state’s cyber security posture and make our state more resilient to cyber attacks.”
In both the public hearing and the following meeting, Commissioner Rovella summarized some of the cybersecurity initiatives currently in place, including a monthly meeting to discuss incursions and protection and a group of state police officers assigned to the state’s Joint Terrorism Task Force doing cybersecurity work alongside the FBI. Commissioner Rovella remarked, however, that incident response and protection is left to each individual agency.
Arthur House formerly served as chairman of the Public Utilities Regulatory Authority, at the National Geospatial Intelligence Agency, the Office of the Director of National Intelligence, and as Chief of Staff to two U.S. Senators. House has made the point clear that despite its considerable efforts, Connecticut like other states is vulnerable to cyber attacks and that state government experiences almost five billion probes each month, with 2 billion being rejected by our current systems.
“SB 709 is important and valuable, because it raises key issues such as centralization versus decentralization and what our priorities and management capacity should be,” said House at the public hearing. “Connecticut has a cybersecurity strategy and an action plan, but we do not have a management structure to facilitate them.”
House also noted that some CT agencies are relatively secure when it comes to cyber security while others are disturbingly vulnerable. Connecticut’s challenge, according to House, is to construct effective defenses against threats that are becoming more sophisticated every day. In his opinion, Connecticut does not necessarily have to create a new agency, but SB 709 can be used to create a management structure that the state currently lacks in order to confront and control threats the state faces now and will continue to face in the future.
According to a recent SafeWise report, 62% of Connecticuters said that digital security is their top safety concern, with 73% rating identity theft as their top digital security concern. In fact, 16% of residents have personally been a victim of a digital security crime in the last year. As stated previously, one of the charges of the management structure would be to help individuals protect themselves via application security and data privacy.
The Senate passed SB709, as amended, on the consent calendar on Wednesday, April 26th. The full file copy is now available on the CGA website.