Illinois Gov. Bruce Rauner held a public signing Monday in Chicago for a law that requires annual cyber security training for executive branch employees.
The new law says all executive branch employees are required to take the annual training starting next year. It says it does not include employees in the legislative and judicial branches or in public universities.
“We’ve found that an attacker starts to use a stolen password within five minutes after receiving it, so not only must we serve as a first line of defense, we have to move quickly,” Kirk Lonbom, with the state’s innovation and technology department, said during the event.
The governor’s office says Illinois is the 15th state to adopt mandatory cyber security training for certain state employees.
“Nearly 50 percent of Americans do not receive cyber security training in the workplace,” Lonbom said. “House Bill 2371 ensures that will not be the case here in Illinois.”
Rauner says the law’s passage was a bi-partisan effort. Lonbom says other departments, like the Board of Elections, opted for the training voluntarily.
“Not only will this bill help save as much as $9 million annually in cost avoidance, [but] it will drastically reduce the number of successful attacks that take down critical information systems,” Lonbom said.
The governor’s office did not answer requests from WNIJ for additional comment on why a public signing was held for a law that doesn’t apply to all state employees.
Rauner also criticized the General Assembly during the question and answer portion of the event for cutting technology funds in their recently passed state budget. He says modern technology is necessary to run a state government effectively and that the state has "computer systems that are woeful."