House Status:
Senate Status:
Senate Status:
Minutes for HB2292 - Committee on Judiciary
Short Title
Creating exemptions in the open records act for cyber security assessments, plans and vulnerabilities.
Minutes Content for Wed, Feb 17, 2021
Chairperson Patton opened the hearing on HB2292. Natalie Scott provided an overview of the bill. (Attachment 1) Ms. Scott stood for questions.
Proponent
Ellen Parker (Attachment 2) explained due to the nature of WaterOne’s operations and as mandated by the Federal Government, it has participated in security assessments which included cybersecurity assessments. Additionally, WaterOne has an Emergency Operations Plan which includes cybersecurity elements that is continuously updated in order to protect its facilities from threats. There are many examples, but the recent hack into a water treatment system in Florida highlights the unfortunate fact that utilities are targets of bad actors and would benefit from added protection of sensitive cybersecurity information.
Amanda Stanley (Attachment 3) stated that unfortunately, our municipalities are increasingly subject to cyber threats, and need to be able to protect their security protocols from attack. Making available information about what defensive measures were used to detect, prevent, or mitigate cyber security attacks can expose systems to additional attacks and result in increased vulnerabilities to the system. This increase in risk is substantial and justifies an explicit exemption for disclosure under the Kansas Open Records Act (KORA). They do believe current law already allows these records to be withheld under K.S.A. 45-22l(a)(l2) and K.S.A. 45-22l(a)(lO), by explicitly adding cybersecurity records to the list of exemptions, HB2292 removes any question regarding this state's public policy position on cybersecurity.
Written Proponent
- Emily Bradbury, Kansas Press Association (Attachment 4)
Chairperson Patton asked if there were any additional testimony. Being none, he closed the hearing on HB2292.
