Bill > A1983

Introduced Session

This bill requires municipalities, counties, and school districts, to report cybersecurity incidents. Under the bill, the Attorney General, in consultation with the New Jersey Cybersecurity and Communications Integration Cell, would develop an online cybersecurity incident reporting form on the New Jersey Cybersecurity and Communications Integration Cell's Internet website, specific for a designated employee of (1) a governing body of a municipality; (2) a governing body of a county; and (3) a school district; to report a cybersecurity incident. The bill provides that the online form would be used promptly after the designated employee of a municipality, county, or school district has been made aware of a cybersecurity incident and that cybersecurity incident has: (1) compromised the confidentiality, integrity, availability, or privacy of the billing, communications, data management or information systems, or the information resources thereon, of a municipality, county, or school district where the employee works; or (2) compromised a municipality's, county's, or school district's industrial control system, if applicable, including monitoring operations, and centralized control systems, that adversely impacted, disabled, or manipulated infrastructure, resulting in loss of service or damage to infrastructure. Under the bill, no later than 30 days after receiving a cybersecurity incident that has been submitted through the online form, the New Jersey Cybersecurity and Communications Integration Cell would require an audit of the cybersecurity program of a municipality, county, or school district, and any actions a municipality, county, or school district took in response to the cybersecurity incident. The bill provides that the audit of a municipality, county, or school district, would identify: (1) cyber threats and vulnerabilities to a municipality, county, or school district; (2) weaknesses in a municipality's, county's, or school district's cybersecurity program; and (3) strategies to address those weaknesses as to protect a municipality, county, or school district from the threat of future cybersecurity incidents. Under the bill, the audit established would be conducted by a qualified and independent cybersecurity company and would be paid for by the Department of Law and Public Safety. The bill provides that after the audit is conducted, a governing body of a municipality or county, or a school district, would submit the audit and any corrective action plans derived from the audit to the New Jersey Cybersecurity and Communications Integration Cell.

AI Summary

Committee Categories

Bill Moen (D)*,  Raj Mukherji (D)*,  Reginald Atkins (D),  Annette Chaparro (D), 

Reported out of Asm. Comm. with Amendments, and Referred to Assembly Appropriations Committee (on 06/09/2022)

Official Document