STAND. COM. REP. NO. 340

 

Honolulu, Hawaii

                   

 

RE:     S.B. No. 1478

        S.D. 1

 

 

 

Honorable Ronald D. Kouchi

President of the Senate

Thirty-Second State Legislature

Regular Session of 2023

State of Hawaii

 

Sir:

 

     Your Committee on Labor and Technology, to which was referred S.B. No. 1478 entitled:

 

"A BILL FOR AN ACT RELATING TO OFFENSIVE CYBERSECURITY,"

 

begs leave to report as follows:

 

     The purpose and intent of this measure is to:

 

     (1)  Establish an offensive cybersecurity program within the Office of Enterprise Technology Services to analyze and evaluate cybersecurity threats and increase cybersecurity awareness and education;

 

     (2)  Establish a goal for all state and county agencies to identify and address vulnerabilities having a benchmark score exceeding 3.9 on the Common Vulnerability Scoring System by January 1, 2025;

 

     (3)  Authorize the Office of Enterprise Technology Services to enter into memoranda of understanding and mutual aid agreements with other governments; and

 

     (4)  Appropriate funds and authorize the establishment of positions.

 

     Your Committee received testimony in support of this measure from the Judiciary, Office of Enterprise Technology Services, and one individual.  Your Committee received comments on this measure from Department of Human Services.

 

     Your Committee finds that the State requires dedicated resources that specialize in cybersecurity to combat the growing state of cyber threats and the speed at which cyber criminals target government entities.

 

     Your Committee has amended this measure by:

 

     (1)  Adopting recommendations from the Office of Enterprise Technology Services that:

 

          (A)  Delete redundant language regarding the definitions of established industry terms, authority to enter memoranda of understanding and mutual aid agreements, and authority to adopt administrative rules;

 

          (B)  Establish the Offensive Cybersecurity Program and disclosure requirements for cybersecurity incidents in section 27-43.5, Hawaii Revised Statutes, relating to the duties of the chief information officer rather than in a new part; and

 

          (C)  Extend the timeline for the Office of Enterprise Technology to identify and address the vulnerabilities of the state and county information technology systems that have a benchmark score exceeding 3.9 on the Common Vulnerability Scoring System to January 1, 2026;

 

     (2)  Inserting an effective date of January 1, 2050, to encourage further discussion; and

 

     (3)  Making technical, nonsubstantive amendments for the purposes of clarity and consistency.

 

     Your Committee notes that the Senate Draft 1 of this measure contains unspecified appropriation amounts for software, services, and an unspecified number of positions to establish the Offensive Cybersecurity Program.  Should your Committee on Ways and Means choose to deliberate on this measure, your Committee respectfully requests that it considers inserting an appropriation amount of $500,000 dollars and the number of three positions.

 

     As affirmed by the record of votes of the members of your Committee on Labor and Technology that is attached to this report, your Committee is in accord with the intent and purpose of S.B. No. 1478, as amended herein, and recommends that it pass Second Reading in the form attached hereto as S.B. No. 1478, S.D. 1, and be referred to your Committee on Ways and Means.

 

Respectfully submitted on behalf of the members of the Committee on Labor and Technology,

 

		________________________________ SHARON MORIWAKI, Chair