MISSISSIPPI LEGISLATURE

2024 Regular Session

To: Technology

By: Senator(s) Williams, Blackmon, Barnett, Parker, Butler, Brumfield

Senate Bill 2698

(COMMITTEE SUBSTITUTE)

AN ACT TO CREATE THE CYBER SECURITY REVIEW BOARD; TO STIPULATE THAT THE BOARD SHALL BE RESPONSIBLE FOR ENSURING A COLLABORATIVE EFFORT TO ADDRESS CYBERSECURITY THREATS TO THE STATE OF MISSISSIPPI; TO NAME THE VOTING MEMBERS OF THE BOARD; TO NAME THE EX OFFICIO NONVOTING MEMBERS OF THE BOARD; TO ALLOW THE VOTING MEMBERS OF THE BOARD TO ADD EX OFFICIO NONVOTING MEMBERS OF THE BOARD AS NECESSARY; TO ALLOW THE BOARD TO ADOPT RULES WHICH GOVERN THE TIME AND PLACE OF MEETINGS ACCORDING TO CERTAIN REQUIREMENTS; TO REQUIRE THE BOARD TO PRODUCE A CYBERSECURITY REPORT AND PRESENT IT TO THE GOVERNOR, LIEUTENANT GOVERNOR, SPEAKER OF THE HOUSE OF REPRESENTATIVES, AND CHAIRMEN OF TECHNOLOGY COMMITTEES OF THE MISSISSIPPI SENATE AND THE MISSISSIPPI HOUSE OF REPRESENTATIVES; TO REQUIRE THE BOARD TO CREATE A LIST OF BEST CYBERSECURITY PRACTICES FOR DISTRIBUTION; TO CREATE THE CYBER SECURITY REVIEW BOARD FUND; AND FOR RELATED PURPOSES.

     BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI:

     SECTION 1.  There is hereby created the "Cyber Security Review Board," which shall be responsible for ensuring a collaborative effort is made to address the cybersecurity threat posed to the State of Mississippi.  Responsibilities of the board include creating a system of reporting cybersecurity attacks within the state, researching and implementing best practices to mitigate cybersecurity risks, and connecting individuals and entities with federal and industry partners.

     SECTION 2.  The Cyber Security Review Board, hereafter referred to as the "board," shall consist of the following seven (7) members:

          (a)  The Executive Director of the Mississippi Office of Homeland Security, or his or her designee, as chairman of the board;

          (b)  The Executive Director of the Mississippi Department of Information Technology Services, or his or her designee, as vice chairman of the board;

          (c)  The Commissioner of the Department of Public Safety, or his or her designee;

          (d)  The Executive Director of the Mississippi Emergency Management Agency, or his or her designee;

          (e)  The Adjutant General of the Mississippi National Guard, or his or her designee;

          (f)  The State Superintendent of Education, as appointed by the Mississippi Board of Education, or his or her designee; and

          (g)  The Attorney General of Mississippi, or his or her designee.

     SECTION 3.  (1)  Ex officio nonvoting members of the board include:

          (a)  The President of the Mississippi Municipal League, or his or her designee;

          (b)  The Executive Director of the Mississippi Association of Supervisors staff, or his or her designee; and

          (c)  The Chairmen of the Technology Committees of the Mississippi Senate and the Mississippi House of Representatives, or their designees.

     (2)  The voting members of the Cyber Security Review Board may vote to expand the board with additional ex officio nonvoting members deemed necessary to provide expertise or access to resources involving cybersecurity.

     SECTION 4.  Within forty-five (45) days of passage of this act, the Executive Director of the Mississippi Office of Homeland Security shall call a meeting of the board.  The board shall adopt rules which govern the time of meetings, place of meetings, and the manner of conducting the business of the board.  The board shall meet at least monthly and select one (1) of the ex officio nonvoting members of the board to serve as secretary, whose role it shall be to maintain minutes of each meeting of the board.  After the conclusion of each meeting, the board shall send the minutes of the meeting to the Governor, Lieutenant Governor and the Chairmen of the Technology Committees of the Mississippi Senate and the Mississippi House of Representatives.

     A quorum shall be a majority of the voting members of the board.

     After twelve (12) consecutive monthly meetings, the board may vote to meet less frequently; however, the board shall meet at least once quarterly.

     SECTION 5.  The board shall produce a statewide cybersecurity report, which shall be presented to the Governor, Lieutenant Governor, Speaker of the House, and the Chairmen of the Technology Committees of the Mississippi Senate and Mississippi House of Representatives by December 15 each year.  The board shall also develop a list of best practices in cybersecurity to disburse throughout the state to various parties as deemed necessary by the board.

     SECTION 6.  (1)  There is created in the State Treasury a special fund to be known as the "Cyber Security Review Board Fund."  Any funds which may be needed for administrative and travel expenses shall be deposited in this special fund by the Department of Public Safety from the department's regular support appropriation.  The Cyber Security Review Board Fund is a special trust fund, and the interest earned thereon shall be credited to the fund.

     (2)  The Department of Public Safety shall adopt regulations for the administration of the fund.  The commissioner shall administer the fund, and expenditures may be made from the fund upon requisition by the commissioner.  The department shall spend monies in the fund by an annual appropriation approved by the Legislature.

     SECTION 7.  This act shall take effect and be in force from and after July 1, 2024.