2024 Bills

HB 239: Training State Employees to Avoid Cyber Attacks

To track the status of this bill, find it on our Legislation Tracker. Click here to contact the sponsor of the bill to share your thoughts, or click here to email your Senator and Representative about it.

Libertas Institute supports this bill

Staff review of this legislation finds that it aligns with our principles and should therefore be passed into law.

The last decade has seen an increase in sophisticated cybersecurity attacks on both the information held by state and local government agencies as well as critical infrastructure like power plants, water treatment plants, and more. Unfortunately, as an audit of the state of Utah revealed this summer, state and local agencies are unprepared to keep up with the growing complexity of cyberattackers. 

As we have written, the problem boils down to the basics of cybersecurity: training, incident protocols, and policies for responding to attackers. As the audit showed, cybersecurity training among employees at state agencies was well below what it needed to be. Clear policies to prevent cybersecurity vulnerabilities were either missing or vague, with the holder of the best policy being the Judiciary – a vague policy not updated since 2014. 

Fortunately, with the findings of the audit, Utah is taking action. HB 239, introduced by Rep. Carl Albrecht, would require training for state executive agency employees. While more should be done to enhance Utah’s cybersecurity resilience, HB 239 is a much-needed first step.