Utah Code 63A-16-1102. Utah Cyber Center — Creation — Duties
Current as of: 2024 | Check for updates
|
Other versions
(1)
Terms Used In Utah Code 63A-16-1102
- Agency: means a board, commission, institution, department, division, officer, council, office, committee, bureau, or other administrative unit of the state, including the agency head, agency employees, or other persons acting on behalf of or under the authority of the agency head, the Legislature, the courts, or the governor, but does not mean a political subdivision of the state, or any administrative unit of a political subdivision of the state. See Utah Code 63A-1-103
- Cyber Center: means the Utah Cyber Center created in Section
63A-16-1102 . See Utah Code 63A-16-1101 - Data breach: means the unauthorized access, acquisition, disclosure, loss of access, or destruction of:(2)(a) personal data affecting 500 or more individuals; or(2)(b) data that compromises the security, confidentiality, availability, or integrity of the computer systems used or information maintained by the governmental entity. See Utah Code 63A-16-1101
- Department: means the Department of Government Operations. See Utah Code 63A-1-103
- Division: means the Division of Technology Services. See Utah Code 63A-16-102
- Governmental entity: means the same as that term is defined in Section
63G-2-103 . See Utah Code 63A-16-1101- Information technology: means all computerized and auxiliary automated information handling, including:
(8)(a) systems design and analysis;(8)(b) acquisition, storage, and conversion of data;(8)(c) computer programming;(8)(d) information storage and retrieval;(8)(e) voice, video, and data communications;(8)(f) requisite systems controls;(8)(g) simulation; and(8)(h) all related interactions between people and machines. See Utah Code 63A-16-102- Partnership: A voluntary contract between two or more persons to pool some or all of their assets into a business, with the agreement that there will be a proportional sharing of profits and losses.
- Person: means :
(24)(a) an individual;(24)(b) an association;(24)(c) an institution;(24)(d) a corporation;(24)(e) a company;(24)(f) a trust;(24)(g) a limited liability company;(24)(h) a partnership;(24)(i) a political subdivision;(24)(j) a government office, department, division, bureau, or other body of government; and(24)(k) any other organization or entity. See Utah Code 68-3-12.5- State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
(1)(a) There is created within the division the Utah Cyber Center.(1)(b) The chief information security officer appointed under Section63A-16-210 shall serve as the director of the Cyber Center.(2) The division shall operate the Cyber Center in partnership with the following entities within the Department of Public Safety created in Section53-1-103 :(2)(a) the Statewide Information and Analysis Center;(2)(b) the State Bureau of Investigation created in Section53-10-301 ; and(2)(c) the Division of Emergency Management created in Section53-2a-103 .(3) In addition to the entities described in Subsection (3), the Cyber Center shall collaborate with:(3)(a) the Cybersecurity Commission created in Section63C-27-201 ;(3)(b) the Office of the Attorney General;(3)(c) the Utah Education and Telehealth Network created in Section53B-17-105 ;(3)(d) appropriate federal partners, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency;(3)(e) appropriate information sharing and analysis centers;(3)(f) information technology directors, cybersecurity professionals, or equivalent individuals representing political subdivisions in the state; and(3)(g) any other person the division believes is necessary to carry out the duties described in Subsection (4).(4) The Cyber Center shall, within legislative appropriations:(4)(a) by June 30, 2024, develop a statewide strategic cybersecurity plan for governmental entities;(4)(b) with respect to executive branch agencies:(4)(b)(i) identify, analyze, and, when appropriate, mitigate cyber threats and vulnerabilities;(4)(b)(ii) coordinate cybersecurity resilience planning;(4)(b)(iii) provide cybersecurity incident response capabilities; and(4)(b)(iv) recommend to the division standards, policies, or procedures to increase the cyber resilience of executive branch agencies individually or collectively;(4)(c) at the request of a governmental entity, coordinate cybersecurity incident response for a data breach affecting the governmental entity in accordance with Section63A-19-405 ;(4)(d) promote cybersecurity best practices;(4)(e) share cyber threat intelligence with governmental entities and, through the Statewide Information and Analysis Center, with other public and private sector organizations;(4)(f) serve as the state cybersecurity incident response repository to receive reports of breaches of system security, including notification or disclosure under Section13-44-202 and data breaches under Section63A-16-1103 ;(4)(g) develop incident response plans to coordinate federal, state, local, and private sector activities and manage the risks associated with an attack or malfunction of critical information technology systems within the state;(4)(h) coordinate, develop, and share best practices for cybersecurity resilience in the state;(4)(i) identify sources of funding to make cybersecurity improvements throughout the state;(4)(j) develop a sharing platform to provide resources based on information, recommendations, and best practices; and(4)(k) partner with institutions of higher education and other public and private sector organizations to increase the state’s cyber resilience.