Lifetime Citizen Portal Access — AI Briefings, Alerts & Unlimited Follows
State IT leaders: keep SB 291 consolidation and expand enforcement authority to secure executive-branch systems
Loading...
Summary
Jeff Max (state CTO) and John Godfrey (chief information security officer) told the panel that Senate Bill 291—s IT consolidation work is underway and that rolling back the statute—s consolidation and mandatory cybersecurity participation would weaken statewide defenses and raise costs.
Jeff Max, Kansas chief information technology officer, and John Godfrey, state chief information security officer, briefed the Joint Committee on Kansas Security about IT governance changes, a consolidation plan under House Substitute for Senate Bill 291, and the Kansas Information Security Office—s (KISO) expanded enterprise services.
Max described a year-long planning effort with a Gartner consulting engagement to build a target state and road map for executive-branch IT integration. He said the legislation requires monthly ITEC (information-technology executive council) meetings and makes the executive-branch CTO the permanent ITEC chair, measures he said have accelerated policy adoption. Max told the committee agencies still operate in disparate environments, that economies of scale for enterprise tools (endpoint detection and response, endpoint management, log aggregation) produce cost savings, and that voluntary nonparticipation by agencies reduces statewide visibility.
John Godfrey reviewed KISO—s operational expansion: 42 FTEs, an approximately $11 million annual budget, a 24/7 security operations center, enterprise endpoint and patching deployments, privileged-access management, enhanced external-attack-surface monitoring, and a cyber-preparedness outreach program including a small but growing internship pipeline. He said KISO now provides enterprise cybersecurity tools without per-agency fees to increase baseline adoption and reduce friction.
On SB 291—s sunset, presenters warned the committee that removing the statutory consolidation authority (sunset currently set for 07/01/2026) would reduce oversight, fragment purchases, and make the state less secure. Max and Godfrey recommended continuing consolidation authority and giving the executive-branch governance tangible enforcement mechanisms for agencies that use executive-branch networks.
Ending: Committee members asked clarifying questions; presenters said they would deliver the final integration roadmap to the Legislature and urged lawmakers to consider retaining or codifying consolidation measures with clear authority to compel agency compliance when required for statewide security and interoperability.
