State Procurement / Cybersecurity

Bill: HB 3934 (HB 5396 & SB 2778 are companion bills)
Sponsor: Rep. Willis
Status: House, 2nd Reading
Position: Neutral
Description: IEMA – Disaster – Cyber Attack
House Bill 3934, as amended, would add “Cyber Attack” to the list of events and disasters for which the Governor, to the greatest extent practicable, may delegate or assign authority to the Director of IEMA to manage, coordinate, and direct all resources by orders issued at the time of a disaster.

Bill: HB 4442 (SB 3348 is a companion bill)
Sponsor: Rep. Andrade
Status: House Rules Committee
Position: Neutral
Description: Dept. of Innovation & Technology
House Bill 4442 updates the Department of Innovation and Technology Act. DoIT was established by Executive Order 2016-001 and this act provides for the implementation of the EO. The amendments to the act in HB 4442 expand the powers and duties of DoIT, particularly regarding the procurement of IT for state agencies:

  • Requires DoIT to develop and implement standards, policies and procedures to protect state data
  • Requires DoIT to provide the Governor with timely, comprehensive and meaningful information for IT fiscal policy. For this responsibility, the legislation provides DoIT with the power to do the following:
    • Control procurement for IT equipment
    • Establish standards for IT reporting
    • Establish pricing and charges for IT-related services and reports
    • Instructs all state agencies to report to DoIT their usage of IT, costs incurred, information produced, and procedures followed
    • Instructs all state agencies to request assistance and consultation from DoIT when securing IT
    • Requires DoIT to examine accounts and IT data of any organization, body or agency receiving state appropriations from the General Assembly
    • Requires DoIT to analyze and present future need and requirements of IT and related equipment by the State and to formulate a master plan and engage in a continuing analysis of the master plan

Bill: HB 4443
Sponsor: Rep. Andrade
Status: House Rules Committee
Position: Neutral
Description: Cybersecurity – Information Technology – DoIT
House Bill 4443 does several things:

  • Adds cybersecurity vulnerabilities to the list of items exempted under certain circumstances under the Freedom of Information Act.
  • The legislation establishes a Technology, Education and Cybersecurity Fund to be used by DoIT to promote and effectuate IT activities. It allows DoIT to accept grants and donations of services, equipment, supplies, materials or funds from the federal government or from any person or business to be used to promote IT or IT education and exempts the donations from the Procurement Code.
  • Requires every local government with a population of 35,000 or greater to designate a local official or employee as the primary point of contact for cybersecurity issues
  • Provides that DoIT shall establish a cybersecurity liaison program to advise and assist local governments and school districts in identifying cyber threats, performing risk assessments, sharing best practices and responding to cyber incidents
  • Requires every employee of a county, municipality and school district to annually complete cybersecurity training. DoIT will make a training program available, which the entities may use.

Bill: HB 5204
Sponsor: Rep. Wheeler
Status: House Commercial Law Subcommittee, Judiciary – Civil Committee
Position: Neutral
Description: Cybersecurity – Legal Defense
House Bill 5024 creates the Cybersecurity Compliance Act. The legislation creates an affirmative defense for every covered entity that creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of either personal information or both personal information and restricted information and that reasonably conforms to an industry-recognized cybersecurity framework.

Bill: HB 5396 (HB 3934 & SB 2778 are companion bills)
Sponsor: Rep. Wheeler
Status: House Rules Committee
Position: Neutral
Description: IEMA – Cyber Attack
House Bill 5396 amends the Illinois Emergency Management Agency Act to add “Cyber Attack” to the list of events and disasters for which the Governor, to the greatest extent practicable, may delegate or assign command authority to the Director of IEMA by orders issued at the time of a disaster.

Bill: HB 5398
Sponsor: Rep. Wehrli
Status: House Rules Committee
Position: Neutral
Description: Cyber Reserve
House Bill 5398 creates the Illinois Cyber Reserve Act and establishes the Illinois Cyber Reserve, to be administered by the Illinois Emergency Management Agency. The bill allows IEMA to accept volunteers by invitation of IEMA to serve in the Illinois Cyber Reserve and to deploy volunteers upon the occurrence of a cybersecurity incident. The bill establishes volunteer requirements regarding confidentiality and conflicts of interest, and it requires criminal history checks for volunteers. Volunteers are not liable for civil damages. The bill requires volunteers to provide assistance for 6 years from the time of deployment or for the time required under the Agency's record retention policies, whichever is longer, and requires assistance to be for 7 days unless a different period is specified in writing. The bill allows IEMA to enter into contracts with clients, provide training to individuals, and establish a fee schedule for clients.

Bill: SB 2778 (HB 3934 & HB 5396 are companion bills)
Sponsor: Sen. Hastings
Status: Senate Assignments Committee
Position: Neutral
Description: IEMA – Disaster – Cyber Attack
Senate Bill 2778 amends the Illinois Emergency Management Agency Act to add “Cyber Attack” to the list of events and disasters for which the Governor, to the greatest extent practicable, may delegate or assign command authority to the Director of the IEMA by orders issued at the time of a disaster.

Bill: SB 3348 (HB 4442 is a companion bill)
Sponsor: Sen. Sims
Status: Senate Floor – 2nd Reading
Position: Neutral
Description: Dept. of Innovation & Technology
Senate Bill 3348 updates the Department of Innovation and Technology Act. DoIT was established by Executive Order 2016-001 and this act provides for the implementation of the EO. The amendments to the act in SB 3348 expand the powers and duties of DoIT, particularly regarding the procurement of IT for state agencies:

  • Requires DoIT to develop and implement standards, policies and procedures to protect state data
  • Requires DoIT to provide the Governor with timely, comprehensive and meaningful information for IT fiscal policy. For this responsibility, the legislation provides DoIT with the power to do the following:
    • Control procurement for IT equipment
    • Establish standards for IT reporting
    • Establish pricing and charges for IT-related services and reports
    • Instructs all state agencies to report to DoIT their usage of IT, costs incurred, information produced, and procedures followed
    • Instructs all state agencies to request assistance and consultation from DoIT when securing IT
    • Requires DoIT to examine accounts and IT data of any organization, body or agency receiving state appropriations from the General Assembly
    • Requires DoIT to analyze and present future need and requirements of IT and related equipment by the State and to formulate a master plan and engage in a continuing analysis of the master plan

Bill: SB 3518 (HB 4443 is a companion bill)
Sponsor: Sen. Sims
Status: Senate Telecommunications & Information Technology Committee
Position: Neutral
Description: Cybersecurity – Information Technology – DoIT
Senate Bill 3518 does several things:

  • Adds cybersecurity vulnerabilities to the list of items exempted under certain circumstances under the Freedom of Information Act.
  • The legislation establishes a Technology, Education and Cybersecurity Fund to be used by DoIT to promote and effectuate IT activities. It allows DoIT to accept grants and donations of services, equipment, supplies, materials or funds from the federal government or from any person or business to be used to promote IT or IT education and exempts the donations from the Procurement Code.
  • Requires every local government with a population of 35,000 or greater to designate a local official or employee as the primary point of contact for cybersecurity issues
  • Provides that DoIT shall establish a cybersecurity liaison program to advise and assist local governments and school districts in identifying cyber threats, performing risk assessments, sharing best practices and responding to cyber incidents
  • Requires every employee of a county, municipality and school district to annually complete cybersecurity training. DoIT will make a training program available, which the entities may use.