Colorado Gov. Bill Owens today signed legislation to provide greater security for the state's computer systems and increase the oversight on large computer systems developed by state agencies.
House Bill 1157 officially creates the position of chief information security officer. Under the legislation, this officer will have control over the state's cyber security policies and procedures to protect computer systems in state agencies and the citizen information on those computers. The governor had made cyber security one of his priorities in the State of the State.
"Protecting sensitive information and infrastructure is more critical than ever before. As the technology and tactics used by cyber criminals improves, we must work to stay a step ahead. We must be responsible stewards of citizen information," Owens said.
Pending passage of the legislation, the governor had assigned Mark Weatherford to oversee computer security for the state. Weatherford, who now assumes the post of chief information security officer created by HB 1157, has a long history in information security including high-level positions with the U.S. Navy and Raytheon.
HB 1157, sponsored by Rep. Fran Coleman and Sen. Ron May, provides state funding for the cyber security office beginning in fiscal year 07-08. Until then, Owens has directed federal funding to the office.
Owens also signed SB 149 giving expanded oversight authority to the Office of Information Technology in the Governor's Office, and SB 63, setting new standards for state agencies purchasing or developing information technology (IT) systems. SB 149, sponsored by Sen. May and Rep. Coleman, establishes that procurement of any state IT resource costing over $100,000 must first be reviewed and approved by the Office of Information Technology. That Office also will set standards for hardware and software obtained by state agencies.
SB 63, sponsored by Sen. Ron Teck, and Rep. Paul Weissmann, establishes an even higher standard of oversight for state computer systems costing over $5 million or taking multiple years to implement.
The bill requires that a state agency procuring such a system must have an OIT certified manager overseeing the project and that the project follows "best IT practices" as verified by the state controller. The bill also provides funding for three additional employees in the Office of Information Technology to assist state agencies with project management oversight.