The bill amends the Cybersecurity Act to enhance the structure and responsibilities of the Cybersecurity Office and the Cybersecurity Advisory Committee in New Mexico. It establishes the "office of cybersecurity," which will be managed by the state chief information security officer, and outlines its duties, including overseeing cybersecurity and information security functions for state agencies, developing minimum security standards, and creating a centralized cybersecurity reporting process. The bill also introduces new definitions related to cybersecurity, such as "state-operated or state-owned telecommunications network," and expands the scope of the office's responsibilities to include collaboration with local governments and the development of cybersecurity training services.

Additionally, the bill modifies the membership and duties of the Cybersecurity Advisory Committee, which will now be directly associated with the office of cybersecurity. The committee will assist in developing a statewide cybersecurity plan and guidelines for best practices, while also having authority over the hiring and supervision of the security officer. Changes to the committee's composition include the appointment of members by various state officials and organizations, ensuring representation from diverse governmental agencies experienced in cybersecurity. The committee is required to meet regularly and report on the status of cybersecurity preparedness to legislative committees and the governor, with provisions for per diem and mileage for its members.

Statutes affected:
introduced version: 9-27A-3, 9-27A-5
RU substitute: 9-27A-2, 9-27A-3, 9-27A-5