Read the full stored bill text
PRINTER'S NO. 3711
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No. 2672
Session of
2026
INTRODUCED BY KENYATTA, MAYES, SANCHEZ, SHUSTERMAN, MADDEN AND
BURGOS, JUNE 25, 2026
REFERRED TO COMMITTEE ON COMMUNICATIONS AND TECHNOLOGY,
JUNE 26, 2026
AN ACT
Amending the act of April 9, 1929 (P.L.177, No.175), entitled
"An act providing for and reorganizing the conduct of the
executive and administrative work of the Commonwealth by the
Executive Department thereof and the administrative
departments, boards, commissions, and officers thereof,
including the boards of trustees of State Normal Schools, or
Teachers Colleges; abolishing, creating, reorganizing or
authorizing the reorganization of certain administrative
departments, boards, and commissions; defining the powers and
duties of the Governor and other executive and administrative
officers, and of the several administrative departments,
boards, commissions, and officers; fixing the salaries of the
Governor, Lieutenant Governor, and certain other executive
and administrative officers; providing for the appointment of
certain administrative officers, and of all deputies and
other assistants and employes in certain departments, boards,
and commissions; providing for judicial administration; and
prescribing the manner in which the number and compensation
of the deputies and all other assistants and employes of
certain departments, boards and commissions shall be
determined," in organization of departmental administrative
boards and commissions and of advisory boards and
commissions, providing for Cybersecurity Coordination Board.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. The act of April 9, 1929 (P.L.177, No.175), known
as The Administrative Code of 1929, is amended by adding a
section to read:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Section 480. Cybersecurity Coordination Board.--(a) The
following apply regarding establishment and purposes:
(1) The Cybersecurity Coordination Board is established
within the Office of Administration.
(2) The Cybersecurity Coordination Board shall:
(i) Collect, study and share information about cybersecurity
issues and initiatives and provide advice to the Governor with
respect to developing uniform cybersecurity techniques,
standards, policies, procedures and best practices.
(ii) Coordinate efforts with Federal, State and local
government agencies, academic institutions and the private
sector to promote effective cybersecurity measures for the
benefit of the residents, businesses, government entities and
other entities within this Commonwealth.
(b) The Cybersecurity Coordination Board shall consist of
the following members:
(1) The Secretary of Administration or a designee.
(2) The Attorney General or a designee.
(3) The Auditor General or a designee.
(4) The State Treasurer or a designee.
(5) The Director of the Pennsylvania Emergency Management
Agency or a designee.
(6) The Commonwealth's Chief Information Security Officer
under the Office of Administration.
(7) The Director of the Governor's Office of Homeland
Security or a designee.
(8) One member of the Senate to be appointed by the
President pro tempore of the Senate or a designee.
(9) One member of the House of Representatives to be
appointed by the Speaker of the House of Representatives or a
20260HB2672PN3711 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
designee.
(10) One member of the Senate to be appointed by the
Minority Leader of the Senate or a designee.
(11) One member of the House of Representatives to be
appointed by the Minority Leader of the House of Representatives
or a designee.
(12) The Executive Director of the County Commissioners
Association of Pennsylvania or a designee.
(13) The Executive Director for the Pennsylvania Municipal
League or a designee.
(14) The Executive Director for the Pennsylvania State
Association of Township Supervisors or a designee.
(15) The Executive Director for the Pennsylvania State
Association of Boroughs or a designee.
(16) The Executive Director for the Pennsylvania State
Association of Township Commissioners or a designee.
(c) The Cybersecurity Coordination Board shall also include
three cybersecurity experts that shall be appointed by and serve
at the pleasure of the Governor. The cybersecurity experts must
have professional experience in cybersecurity or information
technology.
(d) If a member of the Cybersecurity Coordination Board
sends a designee in the member's place, the designee must have a
background in cybersecurity or be the cybersecurity expert of
the designating board member.
(e) The Governor shall invite the following representatives
of Federal agencies to serve as advisory members to the
Cybersecurity Coordination Board:
(1) The United States Secretary of Defense or a designee.
(2) The United States Secretary of Homeland Security or a
20260HB2672PN3711 - 3 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
designee.
(3) The Director of the National Institute of Standards and
Technology or a designee.
(4) The Director of the Defense Information Systems Agency
or a designee.
(5) The Director of the Intelligence Advanced Research
Projects Activity or a designee.
(6) The Director of the Federal Bureau of Investigation or a
designee.
(f) The voting members of the Cybersecurity Coordination
Board shall elect a chairperson, vice chairperson and secretary
of the Cybersecurity Coordination Board.
(g) The Cybersecurity Coordination Board shall, with the
approval of the Governor, appoint an executive director to carry
out the duties of the Cybersecurity Coordination Board. The
following apply to the executive director:
(1) The executive director shall serve at the pleasure of
the Cybersecurity Coordination Board. The selection and removal
of the executive director shall be made by a simple majority of
the voting members of the Cybersecurity Coordination Board that
constitute a quorum.
(2) The executive director shall be qualified for the duties
of the position, as determined by the Cybersecurity Coordination
Board.
(3) The executive director shall conduct the work of the
Cybersecurity Coordination Board under the direction and
supervision of the Cybersecurity Coordination Board.
(4) The executive director shall provide a report to the
Governor of the final determination of any action or inaction
that the Cybersecurity Coordination Board recommends, including
20260HB2672PN3711 - 4 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
any advice or information in support of or in addition to any
final determination of the Cybersecurity Coordination Board.
(5) A current member of the Cybersecurity Coordination Board
may not serve as the executive director.
(6) The executive director's appointment shall not continue
beyond the expiration of this section.
(7) The executive director shall be subject to the same
policies and procedures as employees of the Office of
Administration.
(8) The Cybersecurity Coordination Board shall fix the
compensation of the executive director, subject to the approval
of the executive director.
(h) The Office of Administration shall acquire staff, office
space, office equipment and supplies and obtain the services of
cybersecurity subject matter experts to assist the Cybersecurity
Coordination Board and the executive director of the
Cybersecurity Coordination Board in fulfilling the duties under
this section.
(i) The Cybersecurity Coordination Board and the executive
director of the Cybersecurity Coordination Board may be
supported by the Office of Administration's designated staff in
furtherance of the Cybersecurity Coordination Board fulfilling
the duties under this section.
(j) The Cybersecurity Coordination Board shall meet no fewer
than four times a year to review and assess cybersecurity,
including risks, protective measures, laws, regulations,
governances, technologies, standards and best practices that
affect the Federal, State, county and local governments,
international government, businesses and other entities.
Additional meetings shall be at the discretion of the
20260HB2672PN3711 - 5 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Commonwealth's Chief Information Security Officer under the
Office of Administration, until an executive director of the
Cybersecurity Coordination Board is appointed, after which any
additional meetings shall be held at the discretion of the
executive director of the Cybersecurity Coordination Board.
(k) Meetings of the Cybersecurity Coordination Board shall
not be held using video conferencing technology. Members of the
board may use teleconferencing technology, as necessary.
(l) The Cybersecurity Coordination Board may establish
committees, as needed, to formulate recommended positions or
actions.
(m) The Cybersecurity Coordination Board, through the
executive director of the Cybersecurity Coordination Board,
shall provide the Governor an annual report summarizing the
Cybersecurity Coordination Board's findings and assessments. The
following apply:
(1) The report shall include an overview of the
cybersecurity landscape, changes since the prior report, issues
and risks affecting the protection of information,
recommendations to resolve and mitigate the issues and risks and
any other relevant information deemed appropriate by the
Cybersecurity Coordination Board with respect to cybersecurity.
(2) The report shall be confidential and exempt from
disclosure as provided under subsection (n) .
(n) Deliberations, documentation, records, correspondence
and all work of the Cybersecurity Coordination Board and its
committees, including any actions or reports of the
Cybersecurity Coordination Board, shall be confidential and
shall be exempt from the requirements of the following:
(1) The act of February 14, 2008 (P.L.6, No.3), known as the
20260HB2672PN3711 - 6 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
"Right-to-Know Law."
(2) 65 Pa.C.S. Ch. 7 (relating to open meetings).
(o) Members of the Cybersecurity Coordination Board and its
committee members shall serve without compensation except for
payment of necessary and actual expenses incurred in attending
meetings and in performing duties and responsibilities as
members.
(p) The Cybersecurity Coordination Board and its committee
members, including advisory members, shall not use their
position to sell products or services to the Commonwealth or
benefit financially or enable their immediate family members or
employers to benefit financially, whether directly or
indirectly, from Commonwealth initiatives that result from
recommendations or advice provided by the Cybersecurity
Coordination Board under this section.
(q) This section shall expire four years after the effective
date of this subsection.
Section 2. This act shall take effect in 60 days.
20260HB2672PN3711 - 7 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18