Bill > A6178

Introduced Session

This bill requires public agencies and certain government contractors in this State to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness. Reporting will be done through cyber incident reporting system established by the office for submission of cybersecurity incident notifications in a secure and confidential manner. This bill applies to all State agencies and all agencies of the political subdivisions of the State. This bill applies only to certain government contractors. The bill also permits private entities to submit reports to the officer. The office is required to develop privacy and protection procedures, which will be based on procedures outlined in the federal Cybersecurity Information Sharing Act of 2015 (6 U.S.C. s.1501 et seq.). The reports will be confidential and exempt from the provisions of the law commonly called the open public records act, as well as from evidentiary and subpoena purposes except legislative subpoenas. However, the office may anonymize and share cyber threat indicators and relevant defensive measures to help prevent additional or future attacks and share cybersecurity incident notifications with relevant law enforcement authorities. The office is required to submit an annual report to the Attorney General that will include, at a minimum, information on the number of notifications received and a description of the incident types and associated mitigating measures taken during the one-year period preceding the publication of the report; the categories of public agencies and government contractors that submitted cybersecurity repots; and the types of cybersecurity incidents and other information required in the submission of a cybersecurity incident notification, noting any changes from the report published in the previous year. This bill will facilitate the development of a central database of cyber threats across the State and enable the sharing of actionable cyber threat intelligence that can be used to mitigate risk, while enhancing the overall preparedness, protection, and response to a cyberattack perpetrated against the citizens, public and private institutions, and the critical infrastructure of New Jersey.

AI Summary

Committee Categories

Daniel Benson (D)*,  Carol Murphy (D)*, 

Introduced, Referred to Assembly Homeland Security and State Preparedness Committee (on 12/09/2021)

Official Document