WeVote

Bill

Bill

HB 5638

Relating to the requirements of the state’s cyber security program and responsibilities and authority of the state chief information security officer

2026 Regular Session Introduced by Daniel Linville

West Virginia formalizes state cybersecurity program requirements and establishes Chief Information Security Officer authority to protect government systems and data from cyber threats.

Chapter 192, Acts, Regular Session, 2026
0
WeVote Research Nonpartisan
Bill Summary · HB 5638

Legislative bill overview

HB 5638 establishes and defines the requirements for West Virginia's state cybersecurity program and formally designates the State Chief Information Security Officer (CISO) role with specific responsibilities and authority. The bill clarifies the CISO's duties in protecting state information systems, data, and critical infrastructure from cyber threats.

Why is this important

State government systems handle sensitive citizen data, manage critical services, and control infrastructure that affects public safety. A formalized cybersecurity program with clear CISO authority helps prevent breaches, ransomware attacks, and system failures that could compromise services and expose personal information. This reflects a nationwide shift toward stronger cybersecurity governance following increased attacks on state and local governments.

Potential points of contention

  • Resource allocation: Establishing a comprehensive cybersecurity program requires funding for staff, technology, and training that may compete with other state priorities
  • Authority scope: Defining CISO power over various agencies and departments could create jurisdictional disputes or resistance from entities wanting operational independence
  • Compliance burden: New cybersecurity requirements may impose costs and operational changes on state agencies, particularly smaller ones with limited IT capacity

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.