HOUSE OF REPRESENTATIVES

149th GENERAL ASSEMBLY

HOUSE BILL NO. 429

AN ACT TO AMEND TITLE 29 OF THE DELAWARE CODE RELATING TO THE DEPARTMENT OF TECHNOLOGY AND INFORMATION.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF DELAWARE:

Section 1. Amend Chapter 90C, Title 29 of the Delaware Code by making deletions as shown by strike through and insertions as shown by underline as follows:

Subchapter III. Cyber Security

§ 9030C. Delaware Cyber Security Advisory Council.

(a) There is hereby established a Delaware Cyber Security Advisory Council hereinafter referred to as the “DCSAC”. The DCSAC shall consist of fourteen ( 14) members to include the following :

(1) State Chief Information Officer, who shall serve as chair;

(2) State Chief Security Officer;

(3) Secretary of the Delaware Department of Safety and Homeland Security;

(4) Director of the Delaware Emergency Management Agency;

(5) Adjutant General of the Delaware National Guard;

(6) President of the League of Local Governments;

(7) President of the Delaware State Chamber of Commerce;

(8) President of the Delaware Association of School Administrators;

(9) Director of Consumer Protection of the Department of Justice

(10) 3 private sector representatives appointed by the Governor; and

(11) 2 representatives of Higher Education appointed by the Governor.

(b) Members serving by virtue of position may appoint a designee to serve.

(c) Members appointed by the Governor shall serve at the pleasure of the Governor.

(d) The duties of the DCSAC are to do all of the following:

(1) Facilitate cross-industry collaboration to share best practices and mitigate cyber security risks related to critical infrastructure and protected systems;

(2) Develop recommendations for improving the overall cyber security posture across all sectors in Delaware;

(3) Develop recommendations for increasing information sharing between all sectors in Delaware;

(4) Recommend resources and possible methods to accomplish the recommendations identified in subsection (d)(3);

(5) Provide recommendations to the Office of the Governor regarding the interoperability of equipment, technologies, and software infrastructure related to the cyberattacks and cybersecurity;

(6) Identify and participate in appropriate federal, multi-state, or private sector programs and efforts that support or complement its cybersecurity mission;

(7) Liaise with the National Cybersecurity and Communications Integration Center within the United States Department of Homeland Security, other state and federal agencies, and other public and private sector entities on issues relating to cybersecurity.

(e) The DCSAC may establish a subcommittee.

(1) The purpose and scope of the subcommittee will be the exchange of information about cybersecurity vulnerabilities and response plans with entities who do not wish to be publicly identified.

(2) The chair of the DCSAC will chair the subcommittee.

(3) The subcommittee will include at least three members of the DCSAC.

(4) The subcommittee will provide updates to the DCSAC as determined by DCSAC.

(5) The records of the subcommittee, including its summary information, findings, and recommendations, are not public records or subject to public inspection, except if shared with DCSAC.

(6) This subcommittee is not a public body subject to Chapter 100, Title 29 of the Delaware Code.

(f) The Delaware Department of Technology and Information shall provide staff and fiscal support to the DCSAC as part of the Department 's ongoing responsibility.

SYNOPSIS

Cybersecurity attacks, including data breaches, corporate theft, and sabotage perpetrated by state and non-state actors throughout the world present unique threats to Delaware residents, governments, businesses, and critical infrastructure. Statewide coordination is required to effectively ensure cybersecurity protection.

Cyber-attacks have increased significantly, providing evidence that information security must be strengthened to guard against threats. The State must leverage every partnership and mechanism available to combat the growing number of cyber-attacks and breaches. Trends show attacks growing by 64% annually. 84% of organizations have experienced cyber-attacks in the last 12 months.

This bill strengthens Delaware’s defenses by facilitating multi-industry coordination among critical sectors such as communications, emergency services, energy, financial services, healthcare, water, and government. The primary objectives of the Council will be to focus on sharing and analyzing cyber threat intelligence in a collaborative manner.