Requiring sufficient cybersecurity protections for critical infrastructure and technology projects.
By implementing this statutory standard, HB 1728 is anticipated to improve the cybersecurity posture of critical infrastructure systems across the state. It seeks to address vulnerabilities that could disrupt essential services and threaten public health and safety. Although the bill does not provide direct funding for enforcement, local municipalities may face indeterminable costs associated with upgrading their systems to comply with the new standards. The ongoing discussions highlight a collective recognition of the necessity for enhanced cybersecurity measures in an era of increasing digital threats.
House Bill 1728 aims to establish a legally recognized standard of care for operators of critical infrastructure technology systems in New Hampshire. The bill mandates that these operators, serving populations exceeding 10,000 people or 3,300 households, must take reasonable precautions to secure their operational technology against foreseeable risks. This includes risks associated with public internet exposure, inadequate authentication protocols, and failure to maintain cybersecurity measures. If operators fail to adhere to these standards and cause harm, they may be held liable for resulting damages, thereby emphasizing the importance of robust cybersecurity practices in safeguarding essential services like water supply, electricity, and communications.
The sentiment surrounding HB 1728 appears largely positive, as stakeholders acknowledge the pressing need for better cybersecurity in critical infrastructure. However, some concerns have been raised regarding the financial implications for municipalities and the potential challenges associated with implementing the required technological upgrades. While most parties agree on the importance of safeguarding essential services, discussions also reflect a cautious approach towards the cost burdens that may arise from compliance with the bill’s stipulations.
Notable points of contention primarily center on the bill's economic implications for local governments. The New Hampshire Municipal Association has indicated that compliance could incur significant costs, suggesting that smaller municipalities could be disproportionately affected. The lack of provided funding for these upgrades presents a challenge, raising questions about the balance between necessary cybersecurity measures and the financial feasibility for local jurisdictions. Additionally, there remains a discussion about the effectiveness of enforcing liability in cases where cybersecurity failures occur, particularly in the context of the evolving landscape of technology and threats.