Published on February 9, 2024, 5:07 pm
In recent months, Pennsylvania has faced a series of data-related incidents, including cyberattacks and accidental data deletions. To address these growing threats and bolster the state’s cybersecurity measures, lawmakers are proposing legislation that would elevate the state’s chief information officer (CIO) to a cabinet-level position. This move aims to streamline decision-making processes and enhance the protection of sensitive data.
Senator Kristin Phillips-Hill, one of the bill’s co-sponsors, believes that elevating the CIO’s position will not only safeguard data but also secure the future of Pennsylvania’s technological landscape. By empowering the CIO with greater authority, the state can ensure resilience and efficiency in its IT services. Senator Phillips-Hill emphasizes that relying on the status quo is no longer acceptable and that it is time for Pennsylvania to take proactive steps in confronting cyber threats.
If this bill passes, Pennsylvania would join over half of states nationwide that have already elevated their CIOs to gubernatorial cabinets. This move would grant CIOs direct approval authority over technology plans throughout their respective states. Tracy Pennycuick, another sponsor of the bill, highlights the expanding responsibilities placed on CIOs and asserts that evaluating their elevation to cabinet-level positions is warranted. This change would enable them to stay at the forefront of information technology advancements, service delivery, and cybersecurity protection.
The Senate Communication and Technology Committee in Pennsylvania recently conducted a public hearing involving state officials and IT experts to discuss data loss incidents earlier this year. During this hearing, it was revealed that a state employee accidentally deleted records from various important databases within Pennsylvania’s infrastructure.
To aid in recovery efforts, Pennsylvania CIO Amaya Capellan approved an emergency procurement by Governor Shapiro’s administration. This involved hiring an IT crisis firm under a 30-day contract worth $530,000.
In addition to elevating the CIO position within Governor Shapiro’s Cabinet, this proposed bill also aims to improve sensitive data management across the state. This includes records such as birth and death records, tax information, criminal lab and evidence data, and health records. Pennsylvania’s Republican state senators recognize the need for stronger safeguards to protect these critical datasets stored on state servers.
By taking these steps to increase the authority of the CIO and improve sensitive data management, Pennsylvania aims to fortify its cybersecurity measures and ensure better protection against cyber threats. As other states have recognized, elevating the CIO position to a cabinet-level role is an effective way to enhance decision-making capabilities and respond swiftly to urgent cyber incidents.