2022 -- H 6668 | |
======== | |
LC003427 | |
======== | |
STATE OF RHODE ISLAND | |
IN GENERAL ASSEMBLY | |
JANUARY SESSION, A.D. 2022 | |
____________ | |
A N A C T | |
RELATING TO ELECTIONS -- SECRETARY OF STATE | |
| |
Introduced By: Representatives Ruggiero, Donovan, Abney, Hull, Morales, Shallcross | |
Date Introduced: January 06, 2022 | |
Referred To: House Innovation, Internet, & Technology | |
(Secretary of State) | |
It is enacted by the General Assembly as follows: | |
1 | SECTION 1. Section 17-6-1 of the General Laws in Chapter 17-6 entitled "Secretary of |
2 | State" is hereby amended to read as follows: |
3 | 17-6-1. General powers and duties. |
4 | (a) The secretary of state shall have those functions, powers, and duties relating to elections |
5 | that may be provided by this title or any other law not inconsistent with this chapter. The secretary |
6 | of state shall maintain a central roster of all elected and appointed officers of the state, including |
7 | for each officer the nature of the officer's tenure and the date of expiration of the officer's term of |
8 | office. The secretary of state shall maintain a central register of all persons registered to vote in the |
9 | several cities and towns and shall add, amend, delete, and cancel any names appearing on the |
10 | register as certified to the secretary by the several local boards and by the state board. |
11 | (b) The secretary of state may compile and publish a complete edition of the election law |
12 | that the secretary shall make available to all election officials and candidates upon request and |
13 | without charge. The secretary of state shall receive and file certificates of election results as |
14 | provided by this title. |
15 | (c) Notwithstanding any provisions of the general laws to the contrary, the office of the |
16 | secretary of state shall have the authority to submit and approve the specifications used by the |
17 | department of administration in procuring voting systems, voting system-related services, and |
18 | accessible voting equipment on behalf of the state. |
19 | (d) The secretary of state, with the assistance of the board of elections shall conduct a |
| |
1 | cybersecurity assessment of election systems and facilities. The cybersecurity assessment shall |
2 | include an assessment of the voter registration system, voting equipment, mechanisms to transmit |
3 | election results, electronic poll books, and security of facilities. |
4 | SECTION 2. Chapter 17-6 of the General Laws entitled "Secretary of State" is hereby |
5 | amended by adding thereto the following sections: |
6 | 17-6-1.4. Election systems cybersecurity review board. |
7 | (a) The secretary of state shall establish an election systems cybersecurity review board. |
8 | The review board shall be comprised of the secretary of state or designee, executive director of the |
9 | board of elections or designee, executive director of the Rhode Island League of Cities and Towns |
10 | or designee, a representative from the Rhode Island national guard, a representative from the Rhode |
11 | Island state police, and a representative from the Rhode Island division of information technology. |
12 | (b) The secretary of state or designee shall serve as chairperson of the review board. |
13 | (c) It shall be the duty of the election systems' cybersecurity review board to review the |
14 | assessments conducted by the board of elections and department of state and also to procure a third- |
15 | party assessment of the election systems. The review board will provide a security analysis of the |
16 | election systems and election facilities and shall issue a report based on its assessment with any |
17 | recommendations to improve the cybersecurity of the election systems and election facilities. |
18 | (d) The secretary of state shall adopt rules defining classes of protected election data and |
19 | establish best practices for identifying and reducing risk to the electronic use, storage, and |
20 | transmission of election data and the security of election systems. |
21 | (e) The cybersecurity review board shall issue a report no later than two (2) months prior |
22 | to a statewide primary election referenced in ยง 17-15-1. |
23 | 17-6-14. Cybersecurity training for local boards of canvassers. |
24 | The secretary of state shall offer training annually regarding cybersecurity best practices |
25 | to local boards of canvassers. |
26 | SECTION 3. Chapter 42-7 of the General Laws entitled "Executive Department" is hereby |
27 | amended by adding thereto the following section: |
28 | 42-7-9. Cybersecurity incident response group. |
29 | (a) The governor shall establish a cybersecurity incident response group, which shall |
30 | include the superintendent of the Rhode Island state police or designee, adjutant general of the |
31 | Rhode Island national guard or designee, director of the Rhode Island division of information |
32 | technology or designee, director of the Rhode Island emergency management agency or designee |
33 | and the secretary of state or designee. |
34 | (b) The cybersecurity incident response group shall: |
| LC003427 - Page 2 of 4 |
1 | (1) Establish communication protocols in the event of a breach of cybersecurity in any |
2 | agency or public body. The protocols shall include, but not be limited to: |
3 | (i) A list of potential cybersecurity breaches that would require reporting; |
4 | (ii) State and local entities covered within the communication plan; |
5 | (iii) Mechanisms to communicate a cybersecurity breach in a timely manner to members |
6 | of the public and other relevant parties who may be affected by the breach; and |
7 | (iv) Primary contact at each agency or public body. |
8 | (c) The cybersecurity incident response group shall also establish long-term policy |
9 | planning and goals for the state regarding evolving cybersecurity threats and how to address them |
10 | in a coordinated manner. |
11 | (d) The cybersecurity incident response group shall be subject to chapter 46 of title 42, |
12 | ("open meetings"), and chapter 2 of title 38, ("access to public records"). |
13 | SECTION 4. This act shall take effect upon passage. |
======== | |
LC003427 | |
======== | |
| LC003427 - Page 3 of 4 |
EXPLANATION | |
BY THE LEGISLATIVE COUNCIL | |
OF | |
A N A C T | |
RELATING TO ELECTIONS -- SECRETARY OF STATE | |
*** | |
1 | This act would authorize the secretary of state and board of elections to conduct an |
2 | extensive cybersecurity assessment of our election systems and facilities and to establish a |
3 | cybersecurity review board to review and assess our election system. It also creates a cybersecurity |
4 | incident response group to adopt protocols in the event of any agency or public body breaches of |
5 | cybersecurity. |
6 | This act would take effect upon passage. |
======== | |
LC003427 | |
======== | |
| LC003427 - Page 4 of 4 |