Legislation signed by West Virginia Governor creates a new cybersecurity office within the Office of Technology to assess the vulnerabilities of state agencies and unify security policies.

The new office has the authority to set standards for cybersecurity and is charged with managing the cybersecurity framework. 

Aside from creating the Cybersecurity Office, the bill: 

• allows the Chief Information Security Officer to oversee the Cybersecurity Office
• authorizes the Chief Information Security Officer to create a cybersecurity framework, to assist and provide guidance to agencies in cyber risk strategy and setting forth other duties
• provides rule making authority
• requires agencies to undergo cyber risk assessments
• requires agencies to address any cybersecurity deficiencies
• requires annual reports to the Joint Committee on Government and Finance and to the Governor on the status of the cybersecurity program, including any recommended statutory changes

Chief Technology Officer Joshua Spence said in a statement that the legislation will serve as “a foundational step forward in cybersecurity protection of state information systems and data.”

“By leveraging a risk management approach, the state can ensure cybersecurity resources are applied to that which matters most,” he said.