North Dakota Statewide Cybersecurity Laws: A Model Worth Watching
North Dakota, one of the least populated states in the country with 755,000 residents, is hit with nearly six million cyber attacks each month, a troubling number but not a lot compared to more populous states. Yet the state is among only three nationwide that have enacted at least two new cybersecurity laws so far this year, according to the National Conference of State Legislatures.
At least 36 states and Puerto Rico have considered some 160 bills related to cybersecurity in 2019. Only 21 of those have either been enacted or sent to their respective governors. Among those, two of the four bills proposed in North Dakota have been signed and another two are on Governor Doug Burgum’s desk for signature.
In terms of the number of cybersecurity proposals that became statewide law, last year wasn’t much better. In 2018, of the 265 cybersecurity bills proposed by 35 state legislatures, including Washington, D.C. and Puerto Rico, less than 20 percent became law. Certainly more populous states with many more cybersecurity-associated laws introduced or proposed will surpass North Dakota this year, but still the point remains: A small state by population is helping to lead the charge to protect its systems and its people from hackers.
North Dakota Cybersecurity Law
North Dakota’s latest cybersecurity law SB 2110 establishes a unified approach to cybersecurity across the state’s various agencies, including cities, counties, school districts and higher education. In the prior setup, the state’s entities made their own cybersecurity practices and standards. Burgam is asking the state for an additional $16 million through 2021 to fund the new process and structure. He also wants to move 145 employees from 17 different agencies into one shared IT organization to manage the state’s security risks.
The new law follows earlier legislation signed by the Governor that requires the state’s information technology department to investigate using distributed ledger technologies such as blockchain to improve internal data security and identify external hacking threats.
“This important investment in 21st-century critical infrastructure recognizes the increasingly digital world in which we live and the growing nature of cybersecurity threats. A unified approach to cybersecurity strengthens our ability to protect the state network’s 252,000 daily users and more than 400 entities from cyberattacks,” said Burgum, the former president of Great Plains Software and head of Microsoft’s Business Solutions unit. If any sitting governor would know about technology’s role in government it would be him.
Last year, new state laws in the nation focused on improving government security practices, funding programs, data security and workforce training. This year, the list has tightened up a bit, adding in security for connected devices, cybersecurity standards, elections security and creating task forces.