State legislators busy writing security laws

At least 34 states are considering bills or have enacted laws about security for computers and networks, according to a new report.

Since fall 2001, at least 24 states have introduced bills and 10 states have passed laws addressing information security, according to the report released Tuesday by the National Conference of State Legislatures. Among the states with new statutes are Florida, Michigan, California, Illinois, Kansas, Nevada, South Carolina, Tennessee, Texas and Virginia.

The Task Force on Protecting Democracy released the report during the legislature association's annual conference last week in San Francisco. Massachusetts state senator and co-chairman of the task force Richard Moore said recent attention has shifted to improving information system security across state governments because legislators understand that critical services, such as water facilities and transportation, rely heavily on computers.

The legislature group is working with representatives from Fortune 300 companies to ensure that states don't develop a medley of security policies and systems that would hinder economic development.

Better collaboration with the federal government and the private sector has helped state chief information officers improve security, said Patrick O'Donnell, task force co-chairman and the Nebraska Legislature's clerk. "I think [we're] better prepared today than in fall 2001," he said, though he noted that no system can be 100 percent secure.

Tuesday's report also states that since 2001, several states have passed laws to combat driver's license counterfeiting. Although state-issued licenses have become, in essence, de facto national identification cards, Moore said that the group doesn't support that tag. But legislatures are willing to impose certain standards nationwide that will make them less vulnerable to counterfeits, he added. Currently, seven states — California, Colorado, Florida, Georgia, Hawaii, Texas and West Virginia — collect fingerprints when individuals apply for a license, but only Georgia uses fingerprint scans to certify an applicant's identity when issuing a replacement license.

West Virginia is the only state to use facial recognition software to verify applicants' identities when they renew or replace their licenses, although Colorado officials are considering a similar system. "It's a trend we're going to see continuing," Moore said. Tuesday's report is the second from the legislature group's Task Force on Democracy. n

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.