By Erica Young
The WV Press Association
CHARLESTON, W.Va. — The W.Va. House of Delegates’ Committee on Technology and Infrastructure held discussion Monday on HB 2452: Creation of the West Virginia Cybersecurity Office.
The bill was introduced by House Speaker Roger Hanshaw, R-Clay, and involves the creation of the West Virginia Cybersecurity Office. The office would be “under the supervision and control of a Chief Information Security Officer appointed by the Chief Technology Officer” and would “be staffed appropriately.”
During the initial questioning of counsel, some basics of the bill were clarified, including that there is a fiscal note that goes along with it and that it is not mandatory for certain agencies (such as the legislature) to participate.
To answer more specific questions, Joshua Spence, the Chief Technology officer for the West Virginia Office of Technology, addressed the delegates.
One of the main points of questioning regarding the potential new office was the cost. Delegate Tony Paynter, R-Wyoming, asked Spence if the Office of Technology would absorb additional costs following the startup of the new office or if it would require additional appropriations. Spence said that the fiscal note request was “about getting the program up and running quickly” and that additional costs would be “aligned to those critical risk identifiers and not the program itself.”
Delegate Evan Hansen, D-Monongalia, also questioned the bill’s financial aspects, asking for data on how much similar programs have cost other cities or states that have been “subject to cyber attacks.”
Spence cited the South Carolina data breach of 2012 and said that it cost the state a total of $14 million, as well as a Colorado Department of Transportation breach last year that lasted over 32 days. The initial response of this breach cost $1.5 million but $7 million is being projected. Atlanta was victim to a similar attack that is reported to have cost $9.5 million dollars, but is expected to be more than $17 million.
The other big topic of the meeting was whether or not West Virginia would truly need this new office. Delegate Paynter even asked Spence this directly.
Spence said that he does believe that the state would benefit from the new office because it would provide services that the Office of Technology currently does not offer, mainly protection.
He also said “We don’t give [citizens] a choice when it comes to going to the DMV. The state has a higher level of responsibility in protecting that information given that we’re not giving the citizens a choice.”
After a vote, the motion was approved to be reported to the floor with the recommendation that it pass and be referred to the Committee on Government Organization.
