CHAPTER 373

FORMERLY

HOUSE BILL NO. 429

AS AMENDED BY

HOUSE AMENDMENT NO. 3

AN ACT TO AMEND TITLE 29 OF THE DELAWARE CODE RELATING TO THE DEPARTMENT OF TECHNOLOGY AND INFORMATION.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF DELAWARE:

Section 1. Amend Chapter 90C, Title 29 of the Delaware Code by making deletions as shown by strike through and insertions as shown by underline as follows:

Subchapter III. Cyber Security

§ 9030C. Delaware Cyber Security Advisory Council.

(a) There is hereby established a Delaware Cyber Security Advisory Council hereinafter referred to as the “DCSAC”. The DCSAC shall consist of 17 members to include the following:

(1) State Chief Information Officer, who shall serve as chair;

(2) State Chief Security Officer;

(3) Secretary of the Delaware Department of Safety and Homeland Security;

(4) Director of the Delaware Emergency Management Agency;

(5) Adjutant General of the Delaware National Guard;

(6) President of the League of Local Governments;

(7) President of the Delaware State Chamber of Commerce;

(8) President of the Delaware Association of School Administrators;

(9) Director of Consumer Protection of the Department of Justice;

(10) Chief Justice of the Supreme Court;

(11) President of the Delaware Healthcare Association:

(12) 4 private sector representatives appointed by the Governor; and

(13) 2 representatives of Higher Education appointed by the Governor.

(b) Members serving by virtue of position may appoint a designee to serve.

(c) Members appointed by the Governor shall serve at the pleasure of the Governor.

(d) The duties of the DCSAC are to do all of the following:

(1) Facilitate cross-industry collaboration to share best practices and mitigate cyber security risks related to critical infrastructure and protected systems;

(2) Develop recommendations for improving the overall cyber security posture across all sectors in Delaware;

(3) Develop recommendations for increasing information sharing between all sectors in Delaware;

(4) Recommend resources and possible methods to accomplish the recommendations identified in subsection (d)(3);

(5) Provide recommendations to the Office of the Governor regarding the interoperability of equipment, technologies, and software infrastructure related to the cyberattacks and cybersecurity;

(6) Identify and participate in appropriate federal, multi-state, or private sector programs and efforts that support or complement its cybersecurity mission;

(7) Liaise with the National Cybersecurity and Communications Integration Center within the United States Department of Homeland Security, other state and federal agencies, and other public and private sector entities on issues relating to cybersecurity.

(e) The DCSAC may establish a subcommittee.

(1) The purpose and scope of the subcommittee will be the exchange of information about cybersecurity vulnerabilities and response plans with entities who do not wish to be publicly identified.

(2) The chair of the DCSAC will chair the subcommittee.

(3) The subcommittee will include at least three members of the DCSAC.

(4) The subcommittee will provide updates to the DCSAC as determined by DCSAC.

(5) The records of the subcommittee, including its summary information, findings, and recommendations, are not public records or subject to public inspection, except if shared with DCSAC.

(6) This subcommittee is not a public body subject to Chapter 100, Title 29 of the Delaware Code.

(f) The Delaware Department of Technology and Information shall provide staff and fiscal support to the DCSAC as part of the Department's ongoing responsibility.

Approved August 10, 2018