State legislators busy writing security laws

At least 34 states are considering bills or have enacted laws about security for computers and networks, according to a new report.

Since fall 2001, at least 24 states have introduced bills and 10 states have passed laws addressing information security, according to the report released Tuesday by the National Conference of State Legislatures. Among the states with new statutes are Florida, Michigan, California, Illinois, Kansas, Nevada, South Carolina, Tennessee, Texas and Virginia.

The Task Force on Protecting Democracy released the report during the legislature association's annual conference last week in San Francisco. Massachusetts state senator and co-chairman of the task force Richard Moore said recent attention has shifted to improving information system security across state governments because legislators understand that critical services, such as water facilities and transportation, rely heavily on computers.

The legislature group is working with representatives from Fortune 300 companies to ensure that states don't develop a medley of security policies and systems that would hinder economic development.

Better collaboration with the federal government and the private sector has helped state chief information officers improve security, said Patrick O'Donnell, task force co-chairman and the Nebraska Legislature's clerk. "I think [we're] better prepared today than in fall 2001," he said, though he noted that no system can be 100 percent secure.

Tuesday's report also states that since 2001, several states have passed laws to combat driver's license counterfeiting. Although state-issued licenses have become, in essence, de facto national identification cards, Moore said that the group doesn't support that tag. But legislatures are willing to impose certain standards nationwide that will make them less vulnerable to counterfeits, he added. Currently, seven states — California, Colorado, Florida, Georgia, Hawaii, Texas and West Virginia — collect fingerprints when individuals apply for a license, but only Georgia uses fingerprint scans to certify an applicant's identity when issuing a replacement license.

West Virginia is the only state to use facial recognition software to verify applicants' identities when they renew or replace their licenses, although Colorado officials are considering a similar system. "It's a trend we're going to see continuing," Moore said. Tuesday's report is the second from the legislature group's Task Force on Democracy. n

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected