Requires certain procedures and training for municipalities, counties, and school districts in response to cybersecurity incidents.
Impact
The bill requires all county and municipal officers and school district employees to complete a cybersecurity awareness training program developed by the Office, ensuring that personnel are adequately equipped to handle possible cyber threats. The education component emphasizes the importance of ongoing training, occurring at least once a year, to keep staff up-to-date with the latest security practices. This initiative is expected to significantly boost awareness and readiness against cyber threats across various governmental tiers.
Summary
Bill S1176, introduced in the New Jersey Legislature, mandates specific procedures and training for municipalities, counties, and school districts in response to cybersecurity incidents. It aims to enhance the cybersecurity posture of public entities by requiring them to undergo independent audits following a cybersecurity event. Within 30 days of a reported incident, the New Jersey Office of Homeland Security and Preparedness must engage an independent cybersecurity company to assess the affected entity’s cybersecurity measures and responses.
Contention
A notable aspect of S1176 is its provision that any information shared during the necessary audits and engagements with cybersecurity companies will be exempt from public disclosure under the Open Public Records Act. This has raised concerns about transparency and the potential for public oversight being limited in cases of cybersecurity breaches involving public funds. Critics may argue that while the intent is to safeguard sensitive information, it could also hinder accountability and the public's right to know about cybersecurity vulnerabilities in government systems.
Carry Over
Requires certain procedures, reports, and training for municipalities, counties, and school districts in response to cybersecurity incidents.