Sponsored by:
Assemblywoman CLAIRE S. SWIFT
District 2 (Atlantic)
Co-Sponsored by:
Assemblyman Simonsen, Assemblywoman Fantasia, Assemblyman McClellan and Assemblywoman Matsikoudis
SYNOPSIS
Establishes Cyber Security Reserve Corps; appropriates $500,000.
CURRENT VERSION OF TEXT
As introduced.
An Act establishing the Cyber Security Reserve Corps, supplementing Title 52 of the Revised Statutes, and making an appropriation.
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. a. As used in this section:
Office means the Office of Information Technology established pursuant to section 9 of P.L.2007, c.56 (C.52:18A-227).
Officer means the Chief Technology Officer of the Office of Information Technology.
Reserve corps means the Cyber Security Reserve Corps established pursuant to this section.
Reserve corps member means a person who volunteers for the Cyber Security Reserve Corps.
b. There is established in the Office of Information Technology for purposes of developing expertise and preparing for cyber security emergencies a volunteer force to be known as the Cyber Security Reserve Corps. The purpose of the reserve corps shall be to develop expertise in and prepare for cyber security emergencies and risk management, and to provide response assistance to the State in the event of a critical cyber incident. The Cyber Security Reserve Corps shall be overseen and administered by the Chief Technology Officer of the Office of Information Technology, or a designee. The officer shall establish the necessary procedures and standards for the successful development and utilization of the reserve corps and ensure that all volunteers of the reserve corps meet the requirements established pursuant to this section.
c. The Cyber Security Reserve Corps shall be headquartered in a satellite office in the City of Atlantic City as approved by the officer. There shall be at least two full-time personnel stationed at the headquarters to effectively manage the recruitment, operations, and purchasing for the reserve corps.
d. The officer shall create an application to ensure that all reserve corps members can demonstrate sufficient qualifications and technical expertise. Participation in the reserve corps shall be limited to persons who meet the following criteria:
(1) have at least two years of direct involvement with information security, preferably with security operations, incident response, or digital or network forensics;
(2) possess a basic security certification;
(3) provide evidence of employer support; and
(4) pass a background screening and sign a confidential disclosure agreement.
The office shall also be responsible for establishing a series of tests that shall be used as part of the application process to demonstrate basic knowledge and competency of networking and security concepts, as well as incident response and forensics skills. All members of the reserve corps shall be required to pass the series of tests in order to be considered qualified.
Upon qualifying as a reserve corps member, volunteers shall commit to no less than 10 days per calendar year for cyber security and incident response training and exercises, as deemed appropriate by the officer. Qualified members of the Cyber Security Reserve Corps shall also be expected to respond and provide assistance to the State, a county, a municipality, or a public school system in the event of a critical cyber incident, as determined by the officer.
e. Reserve corps members shall serve without compensation, however, members shall be reimbursed for necessary and reasonable expenses incurred in the performance of their duties within the limits of funds appropriated or otherwise made available for purposes of this section.
f. The officer shall establish a framework of cooperation between the reserve corps and counties, municipalities, public school systems, the National Guard, and military reserve organizations. A separate framework of cooperation may be established for each organization or entity. The frameworks of cooperation shall include, but need not be limited to:
(1) cyber security risk management protocols;
(2) established points and methods of contact;
(3) a step-by-step plan in the event of a critical cyber incident; and
(4) coordinated efforts to address cyber security concerns.
g. There is established in the Office of Information Technology a special dedicated, non-lapsing fund to be known as the Cyber Security Reserve Corps Fund. The fund shall consist of all monies appropriated by the Legislature for inclusion in the fund, monies received from federal grants, investment earnings of the fund, and monies contributed to the fund by private sources. The Office of Information Technology shall be authorized to raise funds, through direct solicitation or other fundraising events, alone or with other groups, and may accept monetary donations, gifts, grants, and bequests from individuals, corporations, foundations, governmental agencies, public and private organizations, and institutions, to defray the offices administrative expenses and for the purposes of this section. The monies in the fund shall be invested and reinvested by the Department of the Treasury.
Monies in the Cyber Security Reserve Corps Fund shall be used by the office to manage and provide support to the Cyber Security Reserve Corps, which may include, but need not be limited to:
(1) management of the volunteer network;
(2) recruitment of volunteers;
(3) purchasing equipment and technology;
(4) training for volunteers; and