(HARRISBURG) – Senator Ryan Aument (R-Lancaster) and Reps. Seth Grove (R-Dover), Kristin Phillips-Hill (R-York Township) and Jason Ortitay (R-Washington/Allegheny) announced today they intend to introduce legislation to increase cybersecurity and to comprehensively overhaul Pennsylvania state government’s information technology (IT) systems.
“It is well past time state government modernize how it manages all facets of information technology,” said Aument, who chairs the Senate Communications and Technology Committee. “From identifying needs, developing solutions, procuring technologies and applications, to how we are prepared to respond to cyber-attacks, we must move Pennsylvania’s aging, inadequate and costly IT infrastructure into a 21st century model.”
Legislation authored by Aument, Grove, Ortitay and Phillips-Hill would codify the Office of Information created by Gov. Tom Wolf through a 2016 executive order and includes additional components to improve how state government would meet important IT goals. The bill would consolidate all IT functions, powers, duties, infrastructure and support services in the executive agencies into one office – the Office of Information Technology (OIT) – which would centrally manage those functions.
The legislation also addresses the increased threats of cyber-attacks against IT systems. Private industry, personal computers, and all levels of government have been victims of attacks.
“State government IT systems are home to extremely sensitive, important information which we are entrusted to keep safe,” Grove said. “Every day we read about another catastrophic attack crippling systems and exposing confidential information. We have a duty to protect against these threats, and by working together using best practices, we stand a much better chance of success.”
Rep. Kristin Phillips-Hill, who has been a leading advocate in addressing cyber-security issues and threats, echoed Grove’s comments. “We must guard against and close potential points of entry for cyber attackers. Their disruptive actions shut down the progress of government, waste taxpayer time and money, and imperil the safety and security of every Pennsylvanian,” she said.
To promote best cybersecurity practices, the bill would require all state agencies to adopt new security standards created by the OIT director, mandates the director develop a two-year schedule to test cybersecurity capabilities, and creates a first-of-its-kind cybersecurity committee to include representation from all branches of government, who would issue an annual report regarding cybersecurity preparedness.
“Too many times government is the last to respond to the rapidly changing world around us,” said Ortitay, who believes the comprehensive IT overhaul is long overdue. “Nowhere has this been proven truer than in how we have fallen woefully behind in IT management, which has resulted in costing taxpayers billions. By centralizing management of IT systems, we can ensure state government agencies are working toward common standards, compatible systems and applications, and interchangeable infrastructure,” he said.
The lawmakers specifically cited the recent audit of Pennsylvania’s unemployment compensation call centers, which revealed the state mismanaged hundreds of millions of dollars in IT upgrades, which are yet to be completed.
Since 2003, Pennsylvania state government has spent over $2.55 billion on IT projects from the General Fund alone. Given the significant costs and the importance of IT to manage state government and the services provided to the people of the Commonwealth, additional oversight is necessary to ensure projects are timely delivered within the budgeted allocations.
The director of the OIT would be tasked with developing schedules for the replacement or modification of IT systems, reviewing IT reports from each state agency, establishing standards for projects, developing a biennial strategic plan for handling state government IT needs and overseeing each agency’s IT disaster recovery plans.
Also under the proposal, the OIT director would be able to approve IT contracts based on money available for projects and an agency’s current IT capabilities. The director could suspend any project which does not meet standards for quality or has exceeded its estimated cost.
“I am hopeful we can work in a thoughtful, bi-partisan way to advance significant changes in one of the most important aspects of how state government manages from day to day,” said Aument.
“This legislation is what people expect their lawmakers to promote – meaningful reform in how we manage government systems, accountability in how we spend scarce taxpayer money, and proactive protection of sensitive information held by the state.”