Enhancing Cybersecurity Measures in Education and Local Governments

Cybersecurity is a state and national security issue, cybersecurity professionals and local government representatives alike emphasized during a recent House panel discussion. The Indiana Office of Technology already publishes cybersecurity best practices, but there is no requirement to follow them. This could change with legislation currently working its way through the General Assembly.

“They are connected to the state, they have critical infrastructure, they have a lot of data on individuals, as do schools,” said Bill author Sen. Liz Brown, R-Fort Wayne.

The proposed bill would require every unit of local government in the state, along with all school corporations and public universities, to follow cybersecurity rules and policies developed by the agency beginning in 2027. They would also need to carry cybersecurity insurance.

Cybersecurity expert Jeremy Miller, CEO of Lionfish Cyber Security, emphasized that critical municipal-level systems such as water, sewer, and gas systems are vulnerable to cyberattack. He noted that most Indiana counties lack the resources to adequately protect their systems and that the bill provides critical guidelines for local governments to follow.

Amy Krieg, representing Accelerate Indiana Municipalities, which represents municipal governments, viewed the bill as providing a healthy level of accountability for local governments.

The bill has already passed the Senate with near-unanimous support. The House Committee on Government and Regulatory Reform did not vote on the bill due to concerns over a provision requiring individual units of government to share their cybersecurity plans with the state, which some experts pointed out could make them vulnerable in the event of an external hack. Bill sponsors Sen. Brown and Rep. Matt Lehman, R-Berne, plan to work on language to either tighten or remove this provision.