| Chapter 059 |
| 2022 -- H 7732 Enacted 06/15/2022 |
| A N A C T |
| RELATING TO ELECTIONS -- SECRETARY OF STATE |
Introduced By: Representatives Ruggiero, Abney, Speakman, Bennett, Potter, Serpa, Azzinaro, Noret, Alzate, and Morales |
| Date Introduced: March 02, 2022 |
| It is enacted by the General Assembly as follows: |
| SECTION 1. Section 17-6-1 of the General Laws in Chapter 17-6 entitled "Secretary of |
| State" is hereby amended to read as follows: |
| 17-6-1. General powers and duties. |
| (a) The secretary of state shall have those functions, powers, and duties relating to elections |
| that may be provided by this title or any other law not inconsistent with this chapter. The secretary |
| of state shall maintain a central roster of all elected and appointed officers of the state, including |
| for each officer the nature of the officer's tenure and the date of expiration of the officer's term of |
| office. The secretary of state shall maintain a central register of all persons registered to vote in the |
| several cities and towns and shall add, amend, delete, and cancel any names appearing on the |
| register as certified to the secretary by the several local boards and by the state board. |
| (b) The secretary of state may compile and publish a complete edition of the election law |
| that the secretary shall make available to all election officials and candidates upon request and |
| without charge. The secretary of state shall receive and file certificates of election results as |
| provided by this title. |
| (c) Notwithstanding any provisions of the general laws to the contrary, the office of the |
| secretary of state shall have the authority to submit and approve the specifications used by the |
| department of administration in procuring voting systems, voting system-related services, and |
| accessible voting equipment on behalf of the state. |
| (d) The secretary of state, with the assistance of the board of elections, shall conduct a |
| cybersecurity assessment of election systems and facilities. The cybersecurity assessment shall |
| include an assessment of the voter registration system, voting equipment, mechanisms to transmit |
| election results, electronic poll books, and security of facilities. |
| SECTION 2. Chapter 17-6 of the General Laws entitled "Secretary of State" is hereby |
| amended by adding thereto the following sections: |
| 17-6-1.4. Election systems cybersecurity review board. |
| (a) The secretary of state shall establish an election systems cybersecurity review board. |
| The review board shall be comprised of the secretary of state, or designee,; the executive director |
| of the board of elections, or designee,; the executive director of the Rhode Island League of Cities |
| and Towns, or designee,; a representative from the Rhode Island national guard,; a representative |
| from the Rhode Island state police,; and a representative from the Rhode Island division of |
| information technology. |
| (b) The secretary of state, or designee, shall serve as chairperson of the review board. |
| (c) It shall be the duty of the election systems cybersecurity review board to review the |
| assessments conducted by the board of elections and department of state and also to procure a third- |
| party assessment of the election systems. The review board will provide a security analysis of the |
| election systems and election facilities and shall issue a report based on its assessment with any |
| recommendations to improve the cybersecurity of the election systems and election facilities. |
| (d) The secretary of state shall adopt rules defining classes of protected election data and |
| establish best practices for identifying and reducing risk to the electronic use, storage, and |
| transmission of election data and the security of election systems. |
| (e) The cybersecurity review board shall issue a report no later than two (2) months prior |
| to a statewide primary election referenced in ยง 17-15-1. |
| 17-6-14. Cybersecurity training for local boards of canvassers. |
| The secretary of state shall offer training annually regarding cybersecurity best practices |
| to local boards of canvassers. |
| SECTION 3. Chapter 42-7 of the General Laws entitled "Executive Department" is hereby |
| amended by adding thereto the following section: |
| 42-7-9. Cybersecurity incident response group. |
| (a) The governor shall establish a cybersecurity incident response group, which shall |
| include the superintendent of the Rhode Island state police, or designee,; the adjutant general of |
| the Rhode Island national guard, or designee,; the director of the Rhode Island division of |
| information technology, or designee,; the director of the Rhode Island emergency management |
| agency, or designee,; the executive director of the Rhode Island League of Cities and Towns, or |
| designee; and the secretary of state, or designee. |
| (b) The cybersecurity incident response group shall: |
| (1) Establish communication protocols in the event of a breach of cybersecurity in any |
| agency or public body. The protocols shall include, but not be limited to: |
| (i) A list of potential cybersecurity breaches that would require reporting; |
| (ii) State and local entities covered within the communication plan; |
| (iii) Mechanisms to communicate a cybersecurity breach in a timely manner to members |
| of the public and other relevant parties who may be affected by the breach; and |
| (iv) Primary contact at each agency or public body. |
| (c) The cybersecurity incident response group shall also establish long-term policy |
| planning and goals for the state and municipalities regarding evolving cybersecurity threats and |
| how to address them in a coordinated manner. |
| (d) The cybersecurity incident response group shall be subject to chapter 46 of this title 42, |
| ("open meetings"), and chapter 2 of title 38, ("access to public records"). |
| SECTION 4. This act shall take effect upon passage. |
| ======== |
| LC004935 |
| ======== |