Bill Text: NJ A3379 | 2022-2023 | Regular Session | Introduced


Bill Title: Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

Spectrum: Partisan Bill (Republican 2-0)

Status: (Introduced - Dead) 2022-03-07 - Introduced, Referred to Assembly Higher Education Committee [A3379 Detail]

Download: New_Jersey-2022-A3379-Introduced.html

ASSEMBLY, No. 3379

STATE OF NEW JERSEY

220th LEGISLATURE

 

INTRODUCED MARCH 7, 2022

 


 

Sponsored by:

Assemblyman  GREGORY P. MCGUCKIN

District 10 (Ocean)

Assemblyman  JOHN CATALANO

District 10 (Ocean)

 

 

 

 

SYNOPSIS

     Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

 

CURRENT VERSION OF TEXT

     As introduced.

  


An Act concerning higher education cyber security and supplementing chapter 3B of Title 18A of the New Jersey Statutes.

 

     Be It Enacted by the Senate and General Assembly of the State of New Jersey:

 

     1.    a.   A public institution of higher education shall establish plans and procedures to enhance cyber security and prevent cyber attacks against the institution's information technology systems.  The plans and procedures, at a minimum, shall address: system monitoring to identify potential cyber security risks and vulnerabilities; cyber threat assessment; techniques for mitigating risk and preventing cyber breaches; and response and recovery for cyber security incidents.

     b.    In developing its cyber security plans and procedures, an institution of higher education may consult with the New Jersey Cybersecurity and Communications Integration Cell, established pursuant to Executive Order No. 178 (2015) in the New Jersey Office of Homeland Security and Preparedness, regarding information and best practices on cyber security and data protection.

     c.     A public institution of higher education shall, as appropriate and on a regular basis, update its cyber security plans and procedures to reflect current technologies and information security techniques.

     d.    A public institution of higher education shall notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack against the institution's information technology systems within 24 hours of becoming aware of the incident.

 

     2.    This act shall take effect immediately.

 

 

STATEMENT

 

     This bill requires public institutions of higher education to establish plans and procedures to enhance cyber security and prevent cyber attacks against the institution's information technology systems.  Under the bill, the plans and procedures are required to address, at a minimum: system monitoring to identify potential cyber security risks and vulnerabilities; cyber threat assessment; techniques for mitigating risk and preventing cyber breaches; and response and recovery for cyber security incidents.  The bill requires public institutions of higher education to regularly update their cyber security plans and procedures in order to reflect current technologies and information security techniques.

     In connection with developing their cyber security plans, public institutions of higher education may consult with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) regarding information and best practices on cyber security and data protection.  The NJCCIC was established in 2015 by executive order as the State's central organization for cyber security information sharing and threat analysis.

     Lastly, the bill requires a public institution of higher education to notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack against the institution's information technology systems within 24 hours of becoming aware of the incident.

feedback