(1) The secretary of state must annually consult with the Washington state fusion center, state chief information officer, and each county auditor to identify instances of security breaches of election systems or election data.
(2) To the extent possible, the secretary of state must identify whether the source of a security breach, if any, is a foreign entity, domestic entity, or both.
(3) By December 31st of each year, the secretary of state must submit a report to the governor, state chief information officer, Washington state fusion center, and the chairs and ranking members of the appropriate legislative committees from the senate and house of representatives that includes information on any instances of security breaches identified under subsection (1) of this section and options to increase the security of the election systems and election data, and to prevent future security breaches. The report, and any related material, data, or information provided pursuant to subsection (1) of this section or used to assemble the report, may only be distributed to, or otherwise shared with, the individuals specifically mentioned in this subsection (3).
(4) For the purposes of this section:
(a) "Foreign entity" means an entity that is not organized or formed under the laws of the United States, or a person who is not domiciled in the United States or a citizen of the United States.
(b) "Security breach" means a breach of the election system or associated data where the system or associated data has been penetrated, accessed, or manipulated by an unauthorized person.
[ 2020 c 101 § 2.]
NOTES:
Findings—Intent—2020 c 101: "The legislature finds that public confidence in state elections systems and election data are of paramount consideration to the integrity of the voting process. The legislature also finds that recent events have revealed an intentional and persistent effort by foreign entities to influence election systems and other cybernetworks. Therefore, the legislature intends to review the state's electoral systems and processes and take appropriate measures to identify whether foreign entities were responsible for the intrusions." [ 2020 c 101 § 1.]