December 20, 2022
Executive Order 2022-24
Executive Order to Continue the Illinois Cybersecurity Commission
WHEREAS, the State of Illinois recognizes that Information Technology is central to national and state security, the economy, and public health and safety; and,
WHEREAS, businesses, governments, academia, and individuals are all increasingly dependent upon Information Technology systems, including information systems, networks and critical infrastructure, for essential services and daily life; and,
WHEREAS, it is the expectation of the general public, as well as the public and private sectors, that these Information Technology systems remain secure and resilient in the face of increasing threats from sophisticated cyber-attacks that pose personal, professional, and financial risks to the citizens of the State of Illinois and threaten the security and economy of our State; and,
WHEREAS, securing Information Technology systems within Illinois is beyond the reach of any single entity, and requires a collaborative public-private partnership that encourages unity of effort;
WHEREAS, in order to protect the security and economy of the State, it is appropriate and necessary for state government to establish and lead a collaborative effort involving government, private sector, military, research, and academic stakeholders to develop and recommend a whole-of-state approach to enhancing Illinois’ cybersecurity;
WHEREAS, in recognition of the foregoing, on March 25, 2022, I issued Executive Order 2022-08 to establish the Illinois Cybersecurity Commission (“Commission”);
WHEREAS, since the issuance of Executive Order 2022-08 and the appointment of Voting Members and Non-Voting Members to the Commission, the Commission has been meeting and working diligently to carry out the objectives of Executive Order 2022-08, but such members have advised the Office of the Governor that they require additional time to complete their work and prepare the Commission’s report; and,
WHEREAS, in view of the significance of the myriad issues relating to cybersecurity in Illinois and the need for thorough consideration of these issues by multiple stakeholders through a collaborative public-private partnership, I find it appropriate to extend the deadline for submission of the Commission’s report to the Governor by six months;
THEREFORE, I, JB Pritzker, Governor of Illinois, by virtue of the executive authority vested in me by Article V of the Constitution of the State of Illinois, hereby order as follows:
- Continuation of the Illinois Cybersecurity Commission
- The term of the Illinois Cybersecurity Commission is hereby extended for six months, until June 30, 2023. The Commission shall carry out its functions in accordance with the terms of this Executive Order.
- The Commission shall be composed of Voting, Non-Voting and Advisory Members as provided in Executive Order 2022-08, and the previously appointed Voting Members and Non-Voting Members are hereby reappointed by the Governor.
- As provided in Executive Order 2022-08, the Commission may also include Non-Voting Members, as selected by the relevant federal agency with the permission and approval of said agency:
- A cybersecurity expert from the Chicago or Springfield field office of the Federal Bureau of Investigation.
- Two cybersecurity experts from the United States Department of Homeland Security, as follows:
- One cybersecurity advisor from the Region 5 Office of the Cybersecurity and Infrastructure Security Agency; and
- One cybersecurity expert from the Chicago field office of the United States Secret Service.
- The Commission shall include a representative of the Statewide Terrorism and Intelligence Center (STIC) as an Advisory Member, as designated by the Director of the Illinois State Police. The Commission also may appoint other Advisory Members representing both public and private sector interests. Such other Advisory Members shall be selected and approved by a majority of Voting Members of the Commission. The purpose of Advisory Members is to support Commission decision-making by providing subject-matter expertise and specialized insight.
- The Governor’s Homeland Security Advisor, or designee, shall continue to serve as chairperson of the Commission.
- The Commission shall continue to develop and recommend an implementation plan for accomplishing the following objectives:
- Building and enhancing cyber awareness and training for private sector critical infrastructure entities, including educating stakeholders on ways to prevent cybersecurity attacks and protect personal information; and conducting, supporting, and attending cyber security trainings to improve technical capabilities;
- Developing practices, processes and the overall planning required to protect valuable information, resources, and services, including by identifying and disrupting cyber-attacks to minimize adverse impact; improving and expanding statewide security incident response capabilities; and promoting and facilitating cross sector and community training and exercise scenarios for private sector critical infrastructure partners to secure critical systems that serve the public;
- Maturing cyber competencies through the utilization of best practices to help private sector critical infrastructure organizations make risk-based decisions for improving cybersecurity, including by promoting a risk-based approach to cybersecurity; establishing regional critical infrastructure cyber response teams; and developing and disseminating best practices and tools to advance cyber maturity; and
- Creating and expanding partnerships to foster continual learning and information sharing to ensure the safety and resiliency of digital infrastructure, including by forging and nurturing partnerships with critical infrastructure sectors to ensure the resiliency of critical systems; and identifying, evaluating, and sharing information on the threats and vulnerabilities impacting the state.
- The Commission may adopt a charter, consistent with the provisions of this Executive Order and applicable law, setting forth how the Commission shall conduct itself and carry out the responsibilities provided in this Executive Order. The charter may address such matters as Commission meetings, creation of committees and working groups, and other matters as the Commission deems appropriate.
- The Illinois Emergency Management Agency shall continue to provide administrative support for, and maintain the records of, the Commission.
- Report to the Governor
The chairperson of the Commission shall submit a report to the Governor by June 30, 2023. The report shall detail the activities, accomplishments and recommendations of the Commission. Upon submission of the report, the Commission shall disband.
- Ethical and Other Requirements
The Commission shall be subject to the provisions of applicable law, including without limitation the Illinois Open Meetings Act, 5 ILCS 120/, and the Illinois Freedom of Information Act, 5 ILCS 140/. Members of the Commission shall be subject to the provisions of applicable law, including without limitation the Illinois State Officials and Employees Ethics Act, 5 ILCS 430/.
- Savings Clause
Nothing in this Executive Order shall be construed to contravene any federal or State law or regulation. Nothing in this Executive Order shall affect or alter existing statutory powers of any State agency or be construed as a reassignment or reorganization of any State agency.
- Prior Executive Orders
This Executive Order supersedes any contrary provision of any other prior Executive Order, including but not limited to Executive Order 2022-08.
- Severability Clause
If any part of this Executive Order is found to be invalid by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect. The provisions of this Executive Order are severable.
- Effective Date
This Executive Order shall take effect upon filing with the Secretary of State.
JB Pritzker, Governor
Issued by the Governor December 20, 2022
Filed with the Secretary of State December 20, 2022