2022 -- H 7732 | |
======== | |
LC004935 | |
======== | |
STATE OF RHODE ISLAND | |
IN GENERAL ASSEMBLY | |
JANUARY SESSION, A.D. 2022 | |
____________ | |
A N A C T | |
RELATING TO ELECTIONS -- SECRETARY OF STATE | |
| |
Introduced By: Representatives Ruggiero, Abney, Speakman, Bennett, Potter, Serpa, | |
Date Introduced: March 02, 2022 | |
Referred To: House State Government & Elections | |
(Secretary of State) | |
It is enacted by the General Assembly as follows: | |
1 | SECTION 1. Section 17-6-1 of the General Laws in Chapter 17-6 entitled "Secretary of |
2 | State" is hereby amended to read as follows: |
3 | 17-6-1. General powers and duties. |
4 | (a) The secretary of state shall have those functions, powers, and duties relating to elections |
5 | that may be provided by this title or any other law not inconsistent with this chapter. The secretary |
6 | of state shall maintain a central roster of all elected and appointed officers of the state, including |
7 | for each officer the nature of the officer's tenure and the date of expiration of the officer's term of |
8 | office. The secretary of state shall maintain a central register of all persons registered to vote in the |
9 | several cities and towns and shall add, amend, delete, and cancel any names appearing on the |
10 | register as certified to the secretary by the several local boards and by the state board. |
11 | (b) The secretary of state may compile and publish a complete edition of the election law |
12 | that the secretary shall make available to all election officials and candidates upon request and |
13 | without charge. The secretary of state shall receive and file certificates of election results as |
14 | provided by this title. |
15 | (c) Notwithstanding any provisions of the general laws to the contrary, the office of the |
16 | secretary of state shall have the authority to submit and approve the specifications used by the |
17 | department of administration in procuring voting systems, voting system-related services, and |
18 | accessible voting equipment on behalf of the state. |
19 | (d) The secretary of state, with the assistance of the board of elections shall conduct a |
| |
1 | cybersecurity assessment of election systems and facilities. The cybersecurity assessment shall |
2 | include an assessment of the voter registration system, voting equipment, mechanisms to transmit |
3 | election results, electronic poll books, and security of facilities. |
4 | SECTION 2. Chapter 17-6 of the General Laws entitled "Secretary of State" is hereby |
5 | amended by adding thereto the following sections: |
6 | 17-6-1.4. Election systems cybersecurity review board. |
7 | (a) The secretary of state shall establish an election systems cybersecurity review board. |
8 | The review board shall be comprised of the secretary of state, or designee, the executive director |
9 | of the board of elections, or designee, the executive director of the Rhode Island League of Cities |
10 | and Towns, or designee, a representative from the Rhode Island national guard, a representative |
11 | from the Rhode Island state police, and a representative from the Rhode Island division of |
12 | information technology. |
13 | (b) The secretary of state, or designee, shall serve as chairperson of the review board. |
14 | (c) It shall be the duty of the election systems cybersecurity review board to review the |
15 | assessments conducted by the board of elections and department of state and also to procure a third- |
16 | party assessment of the election systems. The review board will provide a security analysis of the |
17 | election systems and election facilities and shall issue a report based on its assessment with any |
18 | recommendations to improve the cybersecurity of the election systems and election facilities. |
19 | (d) The secretary of state shall adopt rules defining classes of protected election data and |
20 | establish best practices for identifying and reducing risk to the electronic use, storage, and |
21 | transmission of election data and the security of election systems. |
22 | (e) The cybersecurity review board shall issue a report no later than two (2) months prior |
23 | to a statewide primary election referenced in ยง 17-15-1. |
24 | 17-6-14. Cybersecurity training for local boards of canvassers. |
25 | The secretary of state shall offer training annually regarding cybersecurity best practices |
26 | to local boards of canvassers. |
27 | SECTION 3. Chapter 42-7 of the General Laws entitled "Executive Department" is hereby |
28 | amended by adding thereto the following section: |
29 | 42-7-9. Cybersecurity incident response group. |
30 | (a) The governor shall establish a cybersecurity incident response group, which shall |
31 | include the superintendent of the Rhode Island state police, or designee, the adjutant general of the |
32 | Rhode Island national guard, or designee, the director of the Rhode Island division of information |
33 | technology, or designee, the director of the Rhode Island emergency management agency, or |
34 | designee, executive director of the Rhode Island League of Cities and Towns, or designee and the |
| LC004935 - Page 2 of 4 |
1 | secretary of state, or designee. |
2 | (b) The cybersecurity incident response group shall: |
3 | (1) Establish communication protocols in the event of a breach of cybersecurity in any |
4 | agency or public body. The protocols shall include, but not be limited to: |
5 | (i) A list of potential cybersecurity breaches that would require reporting; |
6 | (ii) State and local entities covered within the communication plan; |
7 | (iii) Mechanisms to communicate a cybersecurity breach in a timely manner to members |
8 | of the public and other relevant parties who may be affected by the breach; and |
9 | (iv) Primary contact at each agency or public body. |
10 | (c) The cybersecurity incident response group shall also establish long-term policy |
11 | planning and goals for the state and municipalities regarding evolving cybersecurity threats and |
12 | how to address them in a coordinated manner. |
13 | (d) The cybersecurity incident response group shall be subject to chapter 46 of title 42, |
14 | ("open meetings"), and chapter 2 of title 38, ("access to public records"). |
15 | SECTION 4. This act shall take effect upon passage. |
======== | |
LC004935 | |
======== | |
| LC004935 - Page 3 of 4 |
EXPLANATION | |
BY THE LEGISLATIVE COUNCIL | |
OF | |
A N A C T | |
RELATING TO ELECTIONS -- SECRETARY OF STATE | |
*** | |
1 | This act would authorize the secretary of state and board of elections to conduct an |
2 | extensive cybersecurity assessment of our election systems and facilities and to establish a |
3 | cybersecurity review board to review and assess our election system. It would also create a |
4 | cybersecurity incident response group to adopt protocols in the event of any agency or public body |
5 | breaches of cybersecurity. |
6 | This act would take effect upon passage. |
======== | |
LC004935 | |
======== | |
| LC004935 - Page 4 of 4 |