Senate
File
2391
S-5086
Amend
Senate
File
2391
as
follows:
1
1.
By
striking
everything
after
the
enacting
clause
and
2
inserting:
3
<
Section
1.
NEW
SECTION
.
8H.1
Requirement
to
report
a
4
ransomware
attack.
5
If
the
state
or
a
political
subdivision
of
the
state
is
6
subject
to
a
ransomware
attack,
the
state
or
the
political
7
subdivision
shall
provide
notice
of
the
ransomware
attack
to
8
the
office
of
the
chief
information
officer
following
discovery
9
of
the
ransomware
attack.
The
notice
shall
be
provided
in
10
the
most
expeditious
manner
possible
and
without
unreasonable
11
delay.
The
office
of
the
chief
information
officer
shall
adopt
12
rules
establishing
notification
procedures
pursuant
to
this
13
section.
For
purposes
of
this
chapter,
“ransomware
attack”
14
means
carrying
out
until
payment
is
made,
or
threatening
to
15
carry
out
until
payment
is
made,
any
of
the
following
actions:
16
an
act
declared
unlawful
pursuant
to
section
715.4;
a
“breach
17
of
security”
as
defined
in
section
715C.1;
or
the
use
of
any
18
form
of
software
that
results
in
the
unauthorized
encryption
of
19
data,
the
denial
of
access
to
data,
the
denial
of
access
to
a
20
computer,
or
the
denial
of
access
to
a
computer
system.
21
Sec.
2.
RANSOMWARE
TASK
FORCE.
22
1.
The
office
of
the
chief
information
officer
and
the
23
department
of
homeland
security
and
emergency
management
shall
24
convene
a
task
force
to
meet
during
the
2020
legislative
25
interim
to
study
the
threat
of
ransomware.
26
2.
The
voting
members
of
the
task
force
shall
consist
27
of
representatives
of
the
office
of
the
chief
information
28
officer,
the
department
of
homeland
security
and
emergency
29
management,
the
department
of
administrative
services,
30
political
subdivisions,
school
boards,
municipal
utilities,
31
county
associations,
city
associations,
the
Iowa
association
of
32
school
boards,
the
university
of
Iowa
hospitals
and
clinics,
33
and
Broadlawns
medical
center.
34
3.
Four
legislative
members
shall
be
appointed
as
ex
35
-1-
SF2391.3750
(5)
88
ja/rn
1/
2
#1.
officio,
nonvoting
members
with
one
member
to
be
appointed
by
1
each
of
the
following:
the
majority
leader
of
the
senate,
2
the
minority
leader
of
the
senate,
the
speaker
of
the
house
3
of
representatives,
and
the
minority
leader
of
the
house
of
4
representatives.
A
representative
from
the
office
of
the
5
governor
shall
serve
as
a
fifth
ex
officio,
nonvoting
member.
6
4.
The
task
force
shall
study
issues
related
to
ransomware
7
and
how
to
best
mitigate
the
risks
associated
with
ransomware.
8
The
task
force
shall
submit
a
report,
including
findings
and
9
recommendations
for
policy
changes,
to
the
general
assembly
by
10
December
31,
2020.
>
11
2.
Title
page,
by
striking
lines
1
through
3
and
inserting
12
<
An
Act
relating
to
ransomware
attacks
in
connection
with
the
13
state
and
political
subdivisions
of
the
state.
>
14
3.
By
renumbering
as
necessary.
15
______________________________
ERIC
GIDDENS
-2-
SF2391.3750
(5)
88
ja/rn
2/
2
#2.
#3.