Bill > HB283

This bill requires political subdivisions (such as counties, townships, and municipal corporations) to establish and maintain comprehensive cybersecurity programs to protect their digital infrastructure and data. The legislation defines key terms like "cybersecurity incident" and "ransomware incident" and mandates that political subdivisions develop a cybersecurity program that safeguards their information technology resources, ensuring data availability, confidentiality, and integrity. The program must align with nationally recognized best practices, such as the National Institute of Standards and Technology (NIST) cybersecurity framework, and include provisions for identifying cybersecurity risks, detecting potential threats, establishing communication channels for incident response, and implementing employee training. Notably, the bill prohibits political subdivisions from paying ransom demands without formal legislative approval and requires them to report any cybersecurity or ransomware incidents to state authorities within specific timeframes. The legislation also classifies certain cybersecurity-related documents and procurement records as non-public or security records, protecting sensitive information from public disclosure. Overall, the bill aims to enhance the digital resilience and security of local government entities in Ohio.

Business and Industry

https://www.legislature.ohio.gov/legislation/136/hb283