2022 -- H 6668

========

LC003427

========

     STATE OF RHODE ISLAND

IN GENERAL ASSEMBLY

JANUARY SESSION, A.D. 2022

____________

A N   A C T

RELATING TO ELECTIONS -- SECRETARY OF STATE

     

     Introduced By: Representatives Ruggiero, Donovan, Abney, Hull, Morales, Shallcross
Smith, Fenton-Fung, McGaw, Shanley, and Serpa

     Date Introduced: January 06, 2022

     Referred To: House Innovation, Internet, & Technology

     (Secretary of State)

It is enacted by the General Assembly as follows:

1

     SECTION 1. Section 17-6-1 of the General Laws in Chapter 17-6 entitled "Secretary of

2

State" is hereby amended to read as follows:

3

     17-6-1. General powers and duties.

4

     (a) The secretary of state shall have those functions, powers, and duties relating to elections

5

that may be provided by this title or any other law not inconsistent with this chapter. The secretary

6

of state shall maintain a central roster of all elected and appointed officers of the state, including

7

for each officer the nature of the officer's tenure and the date of expiration of the officer's term of

8

office. The secretary of state shall maintain a central register of all persons registered to vote in the

9

several cities and towns and shall add, amend, delete, and cancel any names appearing on the

10

register as certified to the secretary by the several local boards and by the state board.

11

     (b) The secretary of state may compile and publish a complete edition of the election law

12

that the secretary shall make available to all election officials and candidates upon request and

13

without charge. The secretary of state shall receive and file certificates of election results as

14

provided by this title.

15

     (c) Notwithstanding any provisions of the general laws to the contrary, the office of the

16

secretary of state shall have the authority to submit and approve the specifications used by the

17

department of administration in procuring voting systems, voting system-related services, and

18

accessible voting equipment on behalf of the state.

19

     (d) The secretary of state, with the assistance of the board of elections shall conduct a

 

1

cybersecurity assessment of election systems and facilities. The cybersecurity assessment shall

2

include an assessment of the voter registration system, voting equipment, mechanisms to transmit

3

election results, electronic poll books, and security of facilities.

4

     SECTION 2. Chapter 17-6 of the General Laws entitled "Secretary of State" is hereby

5

amended by adding thereto the following sections:

6

     17-6-1.4. Election systems cybersecurity review board.

7

     (a) The secretary of state shall establish an election systems cybersecurity review board.

8

The review board shall be comprised of the secretary of state or designee, executive director of the

9

board of elections or designee, executive director of the Rhode Island League of Cities and Towns

10

or designee, a representative from the Rhode Island national guard, a representative from the Rhode

11

Island state police, and a representative from the Rhode Island division of information technology.

12

     (b) The secretary of state or designee shall serve as chairperson of the review board.

13

     (c) It shall be the duty of the election systems' cybersecurity review board to review the

14

assessments conducted by the board of elections and department of state and also to procure a third-

15

party assessment of the election systems. The review board will provide a security analysis of the

16

election systems and election facilities and shall issue a report based on its assessment with any

17

recommendations to improve the cybersecurity of the election systems and election facilities.

18

     (d) The secretary of state shall adopt rules defining classes of protected election data and

19

establish best practices for identifying and reducing risk to the electronic use, storage, and

20

transmission of election data and the security of election systems.

21

     (e) The cybersecurity review board shall issue a report no later than two (2) months prior

22

to a statewide primary election referenced in ยง 17-15-1.

23

     17-6-14. Cybersecurity training for local boards of canvassers.

24

     The secretary of state shall offer training annually regarding cybersecurity best practices

25

to local boards of canvassers.

26

     SECTION 3. Chapter 42-7 of the General Laws entitled "Executive Department" is hereby

27

amended by adding thereto the following section:

28

     42-7-9. Cybersecurity incident response group.

29

     (a) The governor shall establish a cybersecurity incident response group, which shall

30

include the superintendent of the Rhode Island state police or designee, adjutant general of the

31

Rhode Island national guard or designee, director of the Rhode Island division of information

32

technology or designee, director of the Rhode Island emergency management agency or designee

33

and the secretary of state or designee.

34

     (b) The cybersecurity incident response group shall:

 

LC003427 - Page 2 of 4

1

     (1) Establish communication protocols in the event of a breach of cybersecurity in any

2

agency or public body. The protocols shall include, but not be limited to:

3

     (i) A list of potential cybersecurity breaches that would require reporting;

4

     (ii) State and local entities covered within the communication plan;

5

     (iii) Mechanisms to communicate a cybersecurity breach in a timely manner to members

6

of the public and other relevant parties who may be affected by the breach; and

7

     (iv) Primary contact at each agency or public body.

8

     (c) The cybersecurity incident response group shall also establish long-term policy

9

planning and goals for the state regarding evolving cybersecurity threats and how to address them

10

in a coordinated manner.

11

     (d) The cybersecurity incident response group shall be subject to chapter 46 of title 42,

12

("open meetings"), and chapter 2 of title 38, ("access to public records").

13

     SECTION 4. This act shall take effect upon passage.

========

LC003427

========

 

LC003427 - Page 3 of 4

EXPLANATION

BY THE LEGISLATIVE COUNCIL

OF

A N   A C T

RELATING TO ELECTIONS -- SECRETARY OF STATE

***

1

     This act would authorize the secretary of state and board of elections to conduct an

2

extensive cybersecurity assessment of our election systems and facilities and to establish a

3

cybersecurity review board to review and assess our election system. It also creates a cybersecurity

4

incident response group to adopt protocols in the event of any agency or public body breaches of

5

cybersecurity.

6

     This act would take effect upon passage.

========

LC003427

========

 

LC003427 - Page 4 of 4