Illinois Makes Cybersecurity Training Mandatory For State Employees


A new bill signed into law yesterday, in Illinois, will require all state employees to undergo annual cybersecurity training. According to a statement from Governor Rauner, the program will help safeguard the information systems that support the delivery of critical state services and contain the personal information of taxpayers by facilitating a more cyber-aware state workforce.

“Employees are our first line of defense,” Gov. Rauner said. “Ensuring that our staff is properly trained against cyber threats is vital to protect Illinois’ services and information. Cybersecurity is no longer just an IT issue. It is a public safety issue, and we will do all we can to protect the residents and infrastructure of our state.”

The Department of Innovation & Technology (DoIT) is charged with implementing the training program and recently released the State of Illinois Cybersecurity Strategy. Key objectives include protecting state of Illinois information and systems, reducing cyber risk, providing best-in-class cybersecurity capabilities and ensuring an enterprise approach to cybersecurity. Cyber-awareness training is a key component of the strategy.

With this legislation, Illinois becomes the 15th state to adopt a mandatory cybersecurity awareness training for state employees. States are increasingly the targets of attacks, and security threats pose a daily risk in the state’s ability to serve taxpayers and protect critical and confidential information.

Cybersecurity is a key focus area for the National Governor’s Association which is pushing a mix of policies like the one passed in Illinois as well as skills training and workforce development. As CivSource has previously reported, NGA Chair, Governor McAuliffe has created a list of deliverables states can work towards on cybersecurity. The NGA plans to assess the progress of those efforts at the end of the year.