HB 239: Training State Employees to Avoid Cyber Attacks

This bill passed the House unanimously. Review our tracker for more information.

The last decade has seen an increase in sophisticated cybersecurity attacks on both the information held by state and local government agencies as well as critical infrastructure like power plants, water treatment plants, and more. Unfortunately, as an audit of the state of Utah revealed this summer, state and local agencies are unprepared to keep up with the growing complexity of cyberattackers. 

As we have written, the problem boils down to the basics of cybersecurity: training, incident protocols, and policies for responding to attackers. As the audit showed, cybersecurity training among employees at state agencies was well below what it needed to be. Clear policies to prevent cybersecurity vulnerabilities were either missing or vague, with the holder of the best policy being the Judiciary – a vague policy not updated since 2014. 

Fortunately, with the findings of the audit, Utah is taking action. HB 239, introduced by Rep. Carl Albrecht, would require training for state executive agency employees. While more should be done to enhance Utah’s cybersecurity resilience, HB 239 is a much-needed first step.