Senator Michael Moore (D-Millbury) can announce that today, his bill S.2088, an Act establishing a cybersecurity control and review commission, has been favorably reported out of the Joint Committee on State Administration and Regulatory Oversight.
“I think that given the severity of some of the cyberattacks we have witnessed throughout the rest of the country, we can count ourselves lucky in the Commonwealth,” said Senator Moore. “However, we are by no means immune to attacks that could threaten our technological and physical infrastructure or endanger the wellbeing and safety of our residents. This bill is a necessary step in improving our cybersecurity systems, and I thank Senator Pacheco and the other committee members for reporting this bill out favorably.”
“Cybersecurity is a critical priority for protecting the integrity of our public and private sector servers and the private information of internet users throughout the Commonwealth,” said Senator Marc R. Pacheco (D-Taunton), Senate Chair of the Joint Committee on State Administration & Regulatory Oversight. “The type of information that cyberattacks inherently target is simply too sensitive to leave unguarded. I am pleased that the Joint Committee on State Administration & Regulatory Oversight had the opportunity to advance this important legislation sponsored by Senator Moore that will identify threats and implement fundamental safeguards against cybercrime.”
This legislation comes at a critical time as the Commonwealth has been subject to several cyberattacks over the previous weeks and months. Earlier this spring, no one in the state was able to complete their vehicle inspection process due to a malware attack on the vendor who tracks these inspections. Just over a month ago the Massachusetts Steamship Authority suffered a ransomware attack that put a halt to the booking process for those trying to commute to and from Nantucket and Martha’s Vineyard. Additionally, according to FBI data, residents in Massachusetts lost approximately $100 million to cybercrimes in 2020. This legislation is also important giving the ever-growing threat of cyberattacks from foreign actors, such as those from Russia or China, who have already succeeded in stealing personal and sensitive pieces of data from various U.S. based companies and government agencies.
The bill would establish an expert commission to recommend cybersecurity standards for public agencies and private companies that contract with the Commonwealth. These standards would be based on best practices set forth by the National Institute of Standards and Technology Cybersecurity Framework. The commission would also work with private businesses that have a demonstrated track record of adhering to strong cybersecurity standards.
Having now been favorably reported out of committee, the bill will appear before the legislature for a first reading. The progress of the bill can be followed along here: https://malegislature.gov/Bills/192/S2088