WeVote

Bill

Bill

HB 2672

An Act amending the act of April 9, 1929 (P.L.177, No.175), known as The Administrative Code of 1929, in organization of departmental administrative boards and commissions and of advisory boards and commissions, providing for Cybersecurity Coordination Board.

2025-2026 Regular Session Introduced by Danilo Burgos and 7 co-sponsors

Creates a centralized Cybersecurity Coordination Board to lead statewide cybersecurity strategy, standards, incident response, and interagency coordination.

Referred to Communications & Technology
0
WeVote Research Nonpartisan
Bill Summary · HB 2672

Summary of HB 2672 (Session 2025-2026) – Pennsylvania

Purpose and intent

HB 2672 proposes amendments to the Administrative Code of 1929 (24 P.S. Chapter 5, previously known as the act of April 9, 1929, P.L.177, No.175) to establish and define a Cybersecurity Coordination Board within the Commonwealth’s administrative framework. The bill aims to formalize cybersecurity coordination across state agencies by creating a dedicated board responsible for strategy, oversight, and prioritization of cybersecurity initiatives.

Key provisions and changes

  • Creation/ designation of a Cybersecurity Coordination Board: The bill establishes a new board intended to centralize leadership and coordination of cybersecurity efforts across Pennsylvania state government.
  • Organization within the Administrative Code: The board is to be organized under the framework of departmental administrative boards and commissions and advisory boards, as referenced in the Administrative Code, aligning with existing governance structures.
  • Roles and responsibilities (likely provisions):
    • Develop statewide cybersecurity strategy and standards.
    • Coordinate incident response planning and information sharing among agencies.
    • Recommend budget and resource implications for cybersecurity across state government.
    • Oversee implementation of cybersecurity policies, best practices, and compliance with applicable laws.
  • Advisory and interagency collaboration: The board would facilitate collaboration among state agencies, potentially including law enforcement, emergency management, IT operations, and statutory boards, to ensure a unified approach to cyber threat management.
  • Reporting and oversight provisions (likely): The board may have reporting duties to the General Assembly or relevant oversight bodies, detailing progress, risk assessments, and recommended legislation or funding.

Who or what would be affected

  • State agencies and departments: The new Cybersecurity Coordination Board would oversee and coordinate cybersecurity activities across Pennsylvania’s executive branch, affecting IT governance, security policies, and incident response.
  • Administrative code framework: The bill integrates the board within the existing structure of departmental and advisory boards, ensuring compatibility with current governance processes.
  • Policy and funding decisions: Agencies would respond to prioritization, standards, and resource allocation guidance issued by the board.

Procedural and timeline aspects

  • Legislative process: As a bill amending the Administrative Code, HB 2672 would follow standard PA legislative procedures, including committee referral, potential hearings, passage by both chambers, and gubernatorial action.
  • Effective date (to be determined): The act’s provisions would take effect on a date specified within the bill or upon publication as enacted, with potential phased implementation depending on appropriations and transition planning.
  • Sponsorship: The bill has multiple co-sponsors, indicating cross-party or cross-chamber support dynamics. Notable co-sponsors include Melissa Shusterman, La'Tasha Mayes, Maureen Madden, Malcolm Kenyatta, Danilo Burgos, and Ben Sanchez.

Potential impact and considerations

  • Strengthened cybersecurity governance: A centralized board could enhance consistency of policies, standards, and incident response across state government.
  • Resource implications: Establishing and operating the board may require new funding, staffing, and IT resources; the bill may include budgetary considerations.
  • Policy alignment: Could influence procurement, risk management, data protection, and collaboration with critical infrastructure sectors.
  • Implementation challenges: Success depends on clear authority, defined scope, measurable performance metrics, and effective coordination with agency Chief Information Security Officers (CISOs) and IT leaders.

If you’d like, I can add a section outlining potential questions for committees (e.g., scope of authority, funding mechanism, interaction with federal cybersecurity programs) or compare with similar cybersecurity governance structures in other states.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.