The Science and Technology Committee heard a presentation on the legislature’s new cybersecurity training program designed for legislators and legislative staff.
Shauna Casebeer, director of the Legislative Council Service, told the committee the legislature has a large, evolving cybersecurity apparatus but that people remain ‘‘the front line’’ for network safety. "This is not a 1 and done training but is ongoing training that keeps user skills sharp," Casebeer said, describing the program as Arctic Wolf’s Managed Security Awareness Program.
The program delivers brief (about 3–5 minute) microlearning modules roughly every one to two weeks and runs automated phishing simulations aimed at helping users recognize social‑engineering attacks. Committee members were told simulations are nonpunitive: if a user clicks a simulated phishing link they receive guidance on what to look for in future messages.
Why it matters: the legislature’s network holds confidential constituent and policy information, and staff said reducing human error is a key part of preventing account or network compromises. Casebeer said the program “focuses on reducing human related cyber risks by educating employees and legislators to recognize and neutralize social engineering attacks” and that Legislative Information Services (LIS) will get analytics to identify users who need extra support.
Committee discussion, follow-ups: lawmakers asked whether the training had reached members in both chambers and how to find the modules. Casebeer said training should go to every account on the legislative network and promised to confirm distribution to House accounts and to double-check that legislators who had not yet received invitations are included. Representative Little and other members asked about where to locate Arctic Wolf materials and about the program’s tone and time commitment; the director described the content as "creative" and brief so it can fit into schedules.
What was not decided: the committee did not take formal action. Staff said they would verify delivery and report back to any legislators who did not receive the initial rollout.
Looking ahead: committee members emphasized ongoing threats such as AI‑enabled phishing and asked staff to keep the committee informed if distribution or vendor arrangements change.