Bill Text: NJ A817 | 2024-2025 | Regular Session | Introduced

NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

Spectrum: Bipartisan Bill

Status: (Engrossed) 2024-04-11 - Received in the Senate, Referred to Senate Higher Education Committee [A817 Detail]

Download: New_Jersey-2024-A817-Introduced.html

ASSEMBLY, No. 817

STATE OF NEW JERSEY

221st LEGISLATURE

 

PRE-FILED FOR INTRODUCTION IN THE 2024 SESSION

 


 

Sponsored by:

Assemblyman  GREGORY P. MCGUCKIN

District 10 (Monmouth and Ocean)

 

 

 

 

SYNOPSIS

     Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.

 

CURRENT VERSION OF TEXT

     Introduced Pending Technical Review by Legislative Counsel.

  


An Act concerning higher education cyber security and supplementing chapter 3B of Title 18A of the New Jersey Statutes.

 

     Be It Enacted by the Senate and General Assembly of the State of New Jersey:

 

     1.    a.   A public institution of higher education shall establish plans and procedures to enhance cyber security and prevent cyber attacks against the institution's information technology systems.  The plans and procedures, at a minimum, shall address: system monitoring to identify potential cyber security risks and vulnerabilities; cyber threat assessment; techniques for mitigating risk and preventing cyber breaches; and response and recovery for cyber security incidents.

     b.    In developing its cyber security plans and procedures, an institution of higher education may consult with the New Jersey Cybersecurity and Communications Integration Cell, established pursuant to Executive Order No. 178 (2015) in the New Jersey Office of Homeland Security and Preparedness, regarding information and best practices on cyber security and data protection.

     c.     A public institution of higher education shall, as appropriate and on a regular basis, update its cyber security plans and procedures to reflect current technologies and information security techniques.

     d.    A public institution of higher education shall notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack against the institution's information technology systems within 24 hours of becoming aware of the incident.

 

     2.    This act shall take effect immediately.

 

 

STATEMENT

 

     This bill requires public institutions of higher education to establish plans and procedures to enhance cyber security and prevent cyber attacks against the institution's information technology systems.  Under the bill, the plans and procedures are required to address, at a minimum: system monitoring to identify potential cyber security risks and vulnerabilities; cyber threat assessment; techniques for mitigating risk and preventing cyber breaches; and response and recovery for cyber security incidents.  The bill requires public institutions of higher education to regularly update their cyber security plans and procedures in order to reflect current technologies and information security techniques.

     In connection with developing their cyber security plans, public institutions of higher education may consult with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) regarding information and best practices on cyber security and data protection.  The NJCCIC was established in 2015 by executive order as the State's central organization for cyber security information sharing and threat analysis.

     Lastly, the bill requires a public institution of higher education to notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack against the institution's information technology systems within 24 hours of becoming aware of the incident.

feedback