Committee backs bill to set baseline cybersecurity standards and require recovery cost reimbursement

Summary

Senate Bill 75, carried by Senator Hodges and presented by Brig. Gen. Jason Mafous (GOSEP), would authorize baseline cybersecurity standards in state administrative code and require publicly funded entities that ignore standards to reimburse the state for recovery costs; the committee adopted technical amendments and reported the bill as amended.

Senator Hodges presented Senate Bill 75 to the Committee on Judiciary B on March 17, saying cyber attacks remain a persistent threat to state and local governments. Brigadier General Jason Mafous, director of GOSEP, told the committee the bill provides two tools: codified baseline cybersecurity standards (aligned with NIST guidance) and a mechanism requiring publicly funded entities that ignore those standards to reimburse the state for recovery costs after an incident.

Mafous said Louisiana’s interagency teams have repeatedly responded to ransomware and data breaches across parishes and urged that a codified minimum standard and accountability will reduce taxpayer-funded recovery costs. “Proactive defense is always more cost effective than reactive recovery,” he said. The committee adopted a set of technical amendments (set 471,878) explained by Mr. Miller, and Senator McMath moved to report SB75 as amended. With no objection, the committee reported the bill favorably.

Ending: The committee approved technical corrections and reported SB75 as amended; the bill will proceed with the adopted baseline and reimbursement provisions for further action.