State Bill of the Month — February 2024: Utah HB 239

HB 239 – Introduced by State Rep. Carl Albrecht (UT-101) and State Sen. Evan Vickers (UT-28).

The importance of promoting best cybersecurity practices cannot be overstated. Cyberattacks have become increasingly prominent across federal, state, and local governments. They are not just limited to corporations and private companies. According to the National Association of State Chief Intelligence Officers (NASCIO), increased funding for cybersecurity efforts has been the top priority for the past decade.[1] Any entity that handles a significant amount of taxpayer’s personal information should be taking steps to improve their cybersecurity measures.

Cyber-attacks have continued to increase in frequency and severity over the years. They are likely to further surge in the future, according to Google Cloud’s latest Cybersecurity Forecast. In 2023, “ there were many hacks perpetrated against governments, universities, the biggest corporations, and the biggest casinos.”[2] Even worse, the SEC had their X account hacked and a tweet was sent which disrupted the market. Effective cybersecurity policy and training is needed within all layers of government.

It is for these reasons, among others, that the Taxpayers Protection Alliance (TPA) is proud to make HB 239, a bill to require cybersecurity training for executive branch state employees, introduced by State Rep. Carl Albrecht (UT-101) and State Sen. Evan Vickers (UT-28), its State Bill of the Month for February 2024.

Background:

Online platforms and services have grown from startups into essential everyday products for the average American taxpayer and consumer. This rise also means sensitive information is put out into the web at unprecedented rates.

With an ever-increasing shift to keep records and information online, state and non-state entities alike have seen an increase in cyber-attacks by adversarial bodies. In May 2023, Russian cyber gang Clop infiltrated MOVEit, a file transfer product. MOVEit issued a patch on May 31^st following the reported vulnerability. The Department of Energy, multiple states, state-run retirement funds, broadcasting companies, and many universities had their data compromised.[3] Cybersecurity needs to be taken more serious at every level of government throughout the country.

Utah legislators are fighting to protect taxpayer information and to make sure bad actors are not getting their hands on that data. Cybersecurity training for state employees is a great start. Hopefully, elected officials add additional steps to safeguarding sensitive information online in the future.

HB 239 passed both chambers in Utah’s Legislature. It is currently awaiting delivery to Governor Spencer Cox’s desk, where we urge it to be promptly signed into law.

HB 239:

HB 239 would require state employees to get cybersecurity training. This would include recognizing and responding to cyberthreats, protecting sensitive data and information, password management, and other secure computing practices. Utah is taking steps to improve their cybersecurity, and this will pay dividends in the future.

This is why TPA is proud to make HB 239, introduced by State Rep. Carl Albrecht (UT-101) and State Sen. Evan Vickers (UT-28), its Bill of the Month for February 2024.