Jeneil Bamberg

The subcommittee discussed the cybersecurity posture of small and medium-sized utilities, proposing initiatives such as resource mapping, mentorship programs with larger utilities, and the creation of a resource database. For the future policy agenda, members explored cybersecurity risks in the food processing, finance, transportation, and telecommunication sectors. Additionally, the meeting addressed the security implications of agentic AI and quantum computing on critical infrastructure, as well as potential collaboration with the NSA for research resources.

The Subcommittee on State and Local Government Cybersecurity and Emerging Technology held a virtual public meeting. The agenda included opening remarks by the chair, introductions of members, and the facilitation of a discussion involving invited presenters from the National Association of State CIOs.

The council hosted a virtual meeting featuring a Subject Matter Expert presentation by John Gilligan, CEO of the Center for Internet Security, regarding cybersecurity considerations for State, Local, Tribal, and Territorial (SLTT) organizations.

The subcommittee meeting focused on establishing the policy agenda for 2026. Key discussions included reviewing EPIC's model state law on chatbots, which covers transparency requirements, disclosures, risk assessments, and liability provisions, and analyzing its potential standing against federal executive orders. The subcommittee also considered studying California's DELETE Act as a potential regulatory initiative to enhance PII deletion mechanisms across the data broker ecosystem. Furthermore, the discussion addressed concerns raised regarding state data access through the Nlets system by DHS, in conflict with Maryland's warrant requirements. Finally, the merits of broadly regulating deepfakes as a form of counterfeit representation were debated, referencing recent federal and state legislative efforts.

The subcommittee was briefed on the distributed energy resource (DER) cybersecurity regulations under consideration by the Public Service Commission (PSC). Key discussion points included the PSC's authority to regulate DERAs, enforcement mechanisms for cybersecurity requirements, and concerns from electric companies regarding compliance and potential impacts on rates. The subcommittee also considered forming a healthcare ecosystem workgroup to examine ecosystem resilience, discussing objectives such as identifying minimum functional requirements, defining interdependencies, exploring coordinated crisis management, and addressing barriers to strengthening resilience.