FISCAL NOTE
Date Requested: February 13, 2020
Time Requested: 12:28 PM |
| Agency: |
Technology, WV Office of |
|---|
| CBD Number: |
Version: |
Bill Number: |
Resolution Number: |
| 3170 |
Introduced |
HB4846 |
|
|---|
| CBD Subject: |
Elections |
|---|
|
FUND(S):
2220
Sources of Revenue:
Special Fund
Legislation creates:
Fiscal Note Summary
Effect this measure will have on costs and revenues of state government.
The definitions of “online election system” and “penetration test” are too vague to provide a precise cost estimate. The Cybersecurity Office has no visibility or authority into the Secretary of State’s current network to appropriately scope out a penetration test. There are multiple pieces in an election system including but not limited to, internal Secretary of State databases, vendor-owned applications, citizen end-user interfaces, and 3rd party auditing systems. Each of those areas could have a different type of penetration test performed either internally or externally.
There is not enough information for the Office of Technology to determine the total fiscal impact.
Fiscal Note Detail
| Effect of Proposal |
Fiscal Year |
2020
Increase/Decrease
(use"-") |
2021
Increase/Decrease
(use"-") |
Fiscal Year
(Upon Full
Implementation) |
| 1. Estmated Total Cost |
0 |
300,000 |
300,000 |
| Personal Services |
0 |
0 |
0 |
| Current Expenses |
0 |
300,000 |
300,000 |
| Repairs and Alterations |
0 |
0 |
0 |
| Assets |
0 |
0 |
0 |
| Other |
0 |
0 |
0 |
| 2. Estimated Total Revenues |
0 |
0 |
0 |
Explanation of above estimates (including long-range effect):
The above is the estimated cost to perform penetration testing with a quick turnaround.
Memorandum
The one-month time constraint will substantially raise the cost of a penetration test. It would not be feasible to perform penetration testing one month before an election and fix any noted deficiencies by the election. It can take 1-2 weeks to perform some penetration tests. Depending on who owns which parts of the system, there could be legal issues to overcome. There needs to be a contract review to see if the State can run these tests on an already established contract. All parties would need to agree on the scope of a penetration test to avoid violating federal laws.
Person submitting Fiscal Note: Justin T McAllister
Email Address: Justin.t.mcallister@wv.gov