104TH GENERAL ASSEMBLY
State of Illinois
2025 and 2026
SB1363
 
Introduced 1/28/2025, by Sen. Sally J. Turner
 
SYNOPSIS AS INTRODUCED:
 
5 ILCS 430/5-10.10 new
    Amends the State Officials and Employees Ethics Act. Requires each officer, member, and employee to complete, at least annually, a cybersecurity training program, with certain requirements. Requires each ultimate jurisdictional authority to submit to the applicable Ethics Commission, at least annually, a report regarding that training, with certain requirements.


LRB104 06502 BDA 16538 b

 
 
A BILL FOR
 
SB1363LRB104 06502 BDA 16538 b

1    AN ACT concerning government.
 
2    Be it enacted by the People of the State of Illinois, 
3represented in the General Assembly:
 
4    Section 5. The State Officials and Employees Ethics Act is 
5amended by adding Section 5-10.10 as follows:
 
6    (5 ILCS 430/5-10.10 new)
7    Sec. 5-10.10. Cybersecurity training.
8    (a) Each officer, member, and employee must complete, at 
9least annually, a cybersecurity training program. A person who 
10fills a vacancy in an elective or appointed position that 
11requires training under this Section must complete the initial 
12cybersecurity training program within 30 days after 
13commencement of office or employment. The training shall 
14include, at a minimum, information concerning: (i) the types 
15of cybersecurity threats, including malware, phishing, social 
16engineering, and ransomware; (ii) the creation of strong 
17passwords and the proper use of passwords and multi-factor 
18authentication; (iii) the applicability of data privacy 
19regulations and best practices for proper data handling, and 
20secure file sharing; (iv) the recognition and avoidance of 
21suspicious links, attachments, and unsafe websites; and (v) 
22the actions that should be taken to secure personal and 
23government devices and report lost or stolen devices. Proof of 
 
 
SB1363- 2 -LRB104 06502 BDA 16538 b

1completion of the training required under this Section must be 
2submitted to the applicable ethics officer. Cybersecurity 
3training programs shall be overseen by the appropriate Ethics 
4Commission and Inspector General appointed under this Act.
5    (b) Each ultimate jurisdictional authority shall submit to 
6the applicable Ethics Commission, at least annually, or more 
7frequently as required by that Commission, a report that 
8summarizes the cybersecurity training program that was 
9completed during the previous year, and lays out the plan for 
10the training program in the coming year. The report shall 
11include the names of individuals that failed to complete the 
12required training program. An Ethics Commission shall not make 
13the reports available on its website.