The bill, approved on Wednesday by the senate, establishes a separate office inside the Chief Information Officer’s Office. For review, the bill now goes to the Senate.
The office will set security standards and create centralised procedures for handling the state’s information technology properties if approved by the full Legislature and signed by Gov. Jay Inslee.
The state auditor’s office said earlier this month that the violation involved third-party applications used to transmit files by the auditor’s office. Last month, the tech provider, Accellion, announced it had been targeted in December.
The bill would direct all state departments to implement systems that incorporate cybersecurity requirements set by the office and to disclose any significant cybersecurity incident within 24 hours, such as higher education institutions, the Legislature, the courts, and state agencies.
The new office would be the contact centre for all data privacy and confidentiality measures and would be responsible for reviewing all significant cybersecurity accidents.