WeVote

Bill

Bill

HB 1666

TO AMEND THE LAW CONCERNING THE ARKANSAS SELF-FUNDED CYBER RESPONSE PROGRAM.

2025 Regular Session Introduced by Kim Hammer and 1 co-sponsor

Act 656 strengthens Arkansas' cyber defenses by reimbursing local governments up to $50,000 for cyberattack losses and establishing minimum cybersecurity standards.

Notification that HB1666 is now Act 656
0
WeVote Research Nonpartisan
Bill Summary · HB 1666

Summary of House Bill 1666 (Act 656)

Purpose and Intent

House Bill 1666, now known as Act 656, aims to amend the existing laws governing the Arkansas Self-Funded Cyber Response Program. The primary goal of this legislation is to enhance the state's ability to respond to cyberattacks affecting governmental entities, thereby improving cybersecurity measures and support for local governments.

Key Provisions

The bill introduces several significant changes to the Arkansas Self-Funded Cyber Response Program, including:

Definitions

  • Cyber Response Contact: A designated individual or entity responsible for initial contact during a cyberattack.
  • Cyber Response Panel: A group of entities approved by the Arkansas Cyber Response Board that can be activated to assist affected governmental entities with forensic analysis and recovery efforts.

Program Coverage

  • The program will now reimburse participating governmental entities for losses incurred due to cyberattacks, secondary to any existing insurance coverage.
  • The maximum reimbursement amount is set at $50,000 for entities that do not meet minimum cybersecurity standards established by the board.

Cyber Response Board Responsibilities

  • The board is tasked with defining what constitutes a cyberattack based on industry standards, with an annual review of this definition.
  • Establishing minimum cybersecurity standards for participating entities.
  • Creating a cyber response panel and designating cyber response contacts to facilitate rapid response to cyber incidents.

Legal Liability Changes

  • The bill repeals previous provisions that held participating governmental entities liable for damages resulting from civil rights violations or tortious conduct by public officials or employees in the context of cyberattacks.

Affected Parties

The legislation impacts:
- Participating Governmental Entities: This includes counties, municipalities, and school districts within Arkansas that may experience cyberattacks.
- Arkansas Cyber Response Board: The board will have expanded responsibilities and authority under the amended provisions.

Procedural Timeline

  • Introduced: March 4, 2025
  • Passed by House: March 10, 2025
  • Passed by Senate: April 10, 2025 (with amendments)
  • Signed into Law: April 16, 2025

Conclusion

Act 656 represents a proactive approach by the state of Arkansas to bolster its cybersecurity framework for local governments. By establishing clear definitions, responsibilities, and reimbursement mechanisms, the legislation aims to enhance the resilience of governmental entities against cyber threats.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.