Volume 40 - Issue 29 - July 22, 2021
State of Kansas
Office of the Governor
Executive Order No. 21-25
Establishing the Governor’s Cybersecurity Task Force
WHEREAS, critical infrastructure, information systems, and networks in Kansas and around the globe face a barrage of increasingly sophisticated cyber-attacks perpetrated by foreign and domestic actors;
WHEREAS, protecting Kansas’ digital infrastructure is vital to ensuring continued access to critical services provided by both the public and private sectors;
WHEREAS, ransomware attacks in 2019 cost government agencies, academic institutions, and healthcare providers more than $7.5 billion in information loss and operations disruption;
WHEREAS, based on an assessment by the U.S. Department of Justice, 2020 was the worst year on record for ransomware and extortion-related cyber-attacks;
WHEREAS, significant disruptions to economic activity, citizens’ privacy, public safety, and the consistent delivery of services have occurred and will continue to occur as a direct result of cyber-attacks on critical infrastructure;
WHEREAS, healthcare facilities, water treatment plants, local governments, small businesses, and other entities across Kansas have been the targets of cyber-attacks in recent years;
WHEREAS, cyber-attacks pose a persistent threat to confidence in public institutions;
WHEREAS, an effective response to escalating and rapidly evolving cybercrime requires a sustained and coordinated partnership between state government, the private sector, local governments, law enforcement agencies, and other entities that embraces a “whole-of-state” approach to cybersecurity;
WHEREAS, the increasing frequency, severity, and complexity of cyber-attacks necessitates enhanced levels of incident management, information sharing, coordination, and emergency response between state government, local government, the private sector, law enforcement agencies, academic institutions, federal agencies, and other entities to best protect Kansans and their digital assets;
WHEREAS, Kansas is well-positioned to benefit from lessons learned by other states that have implemented cybersecurity initiatives and the U.S. Department of Homeland Security;
WHEREAS, this Administration will do whatever it can to improve Kansas’ cybersecurity posture and resilience.
NOW, THEREFORE, pursuant to the authority vested in me as Governor of the State of Kansas, I hereby establish the Governor’s Cybersecurity Task Force (“Task Force”):
- Membership. The Governor shall appoint the following to serve as members of the Task Force:
- The State Chief Information Technology Officer, or designee (ex officio)
- The State Chief Information Security Officer, or designee (ex officio)
- The Adjutant General of the Kansas National Guard, or designee (ex officio)
- The Attorney General, or designee (ex officio)
- The Secretary of State, or designee (ex officio)
- The Director of the Kansas Criminal Justice Information System (ex officio)
- The Director of the Kansas Intelligence Fusion Center (ex officio)
- A representative from the Kansas Division of Emergency Management
- A representative of county governments
- A representative of municipal governments
- A representative from a Regents institution
- Two representatives of critical infrastructure sectors such as energy, healthcare, or transportation
- Two representatives from the Joint Committee on Information Technology
- Additional individuals the Governor determines have relevant experience or qualifications; if appropriate, the Governor may determine that any such individual should serve in an advisory, non-voting capacity.
- Organization. The Governor shall select a chair and vice-chair, or co-chairs, from the Task Force’s membership, and the Task Force may establish rules for the Task Force’s meetings and conduct of business.
- Terms. Members shall serve at the pleasure of the governor.
- Members shall receive no compensation or reimbursements for expenses and shall serve voluntarily. Officers or employees of state agencies who are appointed to the Task Force as part of their duties shall be authorized to participate on the Task Force and may claim subsistence, allowance, mileage, or associated expenses from their respective agency budgets as permitted by law.
- The Task Force shall be subject to the Kansas Open Records Act and the Kansas Open Meetings Act.
- Plans, reports, or recommendations of any nature adopted by the Task Force shall be considered advice to the Governor, and shall not be construed as official policies, positions, or interpretations of laws, rules, or regulations by any department or agency of state government, nor shall any such department or agency be bound in any manner to consider such advice when conducting their advisory and regulatory affairs.
- The Task Force shall:
- Facilitate cross-industry and cross-government collaboration to share best practices and mitigate cybersecurity risks related to critical infrastructure and protected systems;
- Identify opportunities to improve the overall cyber security posture across all levels of government within Kansas;
- Identify partnerships and avenues to maximize and leverage existing cybersecurity resources within the state;
- Develop a framework for coordinated information sharing, response, simulation, testing, and mutual assistance between the government and private sectors;
- Develop a coordinated and collaborative State of Kansas Cyber Response Plan;
- Recommend appropriate and cost-effective safeguards to reduce, eliminate, or recover from identified threats to data;
- Recommend resources and possible methods to accomplish the recommendations identified above; and
- Within 90 days of the date of this order, submit to the Governor an initial report detailing recommendations and proposals for the Task Force’s future work. By December 5, 2021, the Task Force shall submit a comprehensive report and recommendations to the Governor.
- The Task Force shall meet as determined by the chairs in order to meet the obligations set forth by this order.
- The Task Force shall be staffed by the Kansas Information Security Office.
This document shall be filed with the Secretary of State as Executive Order 21-25. It shall become effective immediately and remain in force until June 30, 2022.
Dated July 13, 2021.
Doc. No. 049299