Sponsored by:
Senator LINDA R. GREENSTEIN
District 14 (Mercer and Middlesex)
Senator ANGELA V. MCKNIGHT
District 31 (Hudson)
 
 
 
 
SYNOPSIS
Requires certain State employees to receive training in cybersecurity best practices.
 
CURRENT VERSION OF TEXT
As introduced.
An Act concerning State cybersecurity and supplementing Title 52 of the Revised Statutes.
 
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
 
1. As used in this act:
a. "State agency" means any of the principal departments in the Executive Branch of the State Government, and any division, board, bureau, office, commission or other instrumentality within or created by such department, the Legislature of the State and any office, board, bureau or commission within or created by the Legislative Branch, and, to the extent consistent with law, any interstate agency to which New Jersey is a party and any independent State authority, commission, instrumentality or agency. A county or municipality shall not be deemed an agency or instrumentality of the State.
b. "State employee" means any person holding an office or employment in a State agency, including a member of the Legislature.
 
2. Every State employee who has access to a State agency computer shall annually undergo cybersecurity training incorporating best practices as presented by the New Jersey Cybersecurity and Communications Integration Cell, established pursuant to Executive Order No. 178 (2015) in the New Jersey Office of Homeland Security and Preparedness. The office may, in its discretion, make the training available as an online course. The training shall include, but need not be limited to, updating passwords; detecting phishing scams; preventing ransomware, spyware infections, and identity theft; and preventing and responding to data breaches.
The Director of the Office of Homeland Security and Preparedness shall adopt guidelines to implement the requirements of this section.
 
3. This act shall take effect immediately.
 
 
STATEMENT
 
This bill requires State employees to receive training regarding using best safety practices while utilizing State computers.
The bill requires the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) in the New Jersey Office of Homeland Security and Preparedness, to establish the cybersecurity training program for all State employees in the Executive and Legislative Branch of government who have access to a State computer. The bill requires the Director of the Office of Homeland Security and Preparedness to adopt guidelines to implement the program.
The training should include a review of best practices for using State computers including updating passwords; detecting phishing scams; preventing ransomware, spyware infections, and identity theft; and preventing and responding to data breaches.
The NJCCIC provides cybersecurity information sharing, threat analysis, and incident reporting. Located at the Regional Operations Intelligence Center (ROIC), the NJCCIC promotes Statewide awareness of local cyber threats and widespread adoption of best practices.
Cybersecurity is a growing concern for State government and the private sector. It has enormous implications for government security, economic prosperity, and public safety.