Posted: | May 4, 2023 04:29 PM |
---|---|
From: | Senator Kristin Phillips-Hill |
To: | All Senate members |
Subject: | Utilizing NIST Standards in State Contracts for IT |
In the near future I will be introducing legislation aimed at protecting our state’s information technology (IT). Cyber security attacks cost businesses and governments trillions of dollars every year. Often, governments consider security in terms of preventing ‘a PC’ from being infected. The reality is that attacks are becoming much more destructive and at a larger scale. It’s not uncommon to see attacks take down hundreds or thousands of machines in a single incident.
Right here within our own state government we have seen attacks and breaches across almost every agency. From the Department of Labor and Industry, to the Department of Human Services, to the Department of Education, and the Department of Health, we have seen incidents involving our state’s IT system and the valuable data of virtually every single Pennsylvanian at risk.
In this environment, it’s critical to understand that every PC or printer purchase decision our state government makes should include cyber security as a critical procurement requirement and utilize best practices. The National Institute of Standards and Technology (NIST) guidelines consist of standards, guidelines, and best practices to manage cybersecurity-related risk. This is a flexible and cost-effective approach that helps to promote the protection and resilience of our IT. These standards have also been adopted by the U.S. Government in all of their IT procurements.
This legislation will require that any state government purchase of computer hardware shall meet NIST standards and best practices for computer security. Pennsylvania must demonstrate the capability to fight these adversaries who are perpetually launching cyberattacks and to do that, we must utilize the best tools and procedures that are on the market. Please join me in cosponsoring this important legislation. |
Introduced as SB745