The Senate Political Subdivisions Committee heard testimony on Senate Bill 2110, which would define cybersecurity in state law and give responsibility to the state Information Technology Department to "advise, oversee and regulate cybersecurity strategy" for state agencies and public entities such as higher education, cities, counties and school districts.
Testimony on the bill was generally in support of the concept, but snagged on words in the bill and what public entities would be included or affected, with concerns for park districts, the judiciary and small local governments.
Dan Sipes, ITD's chief operating officer, said more than 400 organizations are connected to the state's network, each responsible for their cybersecurity, while the state defends against more than 5 million cyber attacks a month. The bill would seek a "shared vision" for cybersecurity.
"I think the hope of this bill is that we take the collaborative work we've been doing, extend that to a broader set of people and try to create common standards, guidelines, tool sets, practices and have this singular strategy everybody can grab on to and then figure out how they get to meeting that standard and that strategy," Sipes told the committee.
Blake Crosby, executive director of the North Dakota League of Cities, voiced support for the bill in the face of ransomware and other threats faced by the state's 357 cities — many of which are small or manned by a city auditor who works 10 to 15 hours a week on a personal computer.
"We need to all be singing from the same page of the hymnal here because this is a very serious issue," Crosby said.
Larry Zubke, director of technology for the judiciary, agreed with the concept of shared cybersecurity but opposed language in the bill that could be interpreted to include the judiciary's information as controlled by the executive branch.
Sen. Howard Anderson, R-Turtle Lake, questioned the intent of "regulate" in the bill's wording. Sen. Judy Lee, R-West Fargo, also questioned wording and what the legislation could mean for different-sized governments.
"I realize we're all marching to the same direction, but some people have longer legs than others," Lee said.
Sipes said cybersecurity is seen as "a top priority" by ITD and the governor's office, and noted general support among public entities so far.
"I think we all want the same thing," Lee said.
SB2110, introduced at ITD's request, will be set for another hearing before the Senate Political Subdivisions Committee this month.
Burgum, a former software executive, has proposed $16.4 million to create a centralized approach to cybersecurity for 17 cabinet agencies.
©2019 The Bismarck Tribune (Bismarck, N.D.) Distributed by Tribune Content Agency, LLC.