The bill amends the Cybersecurity Act to enhance the structure and responsibilities of the Cybersecurity Office and the Cybersecurity Advisory Committee in New Mexico. It establishes the "office of cybersecurity," which will be managed by the state chief information security officer, and outlines its duties, including overseeing cybersecurity functions for state agencies, developing minimum security standards, and creating a centralized reporting process for cybersecurity incidents. The bill also introduces new definitions related to cybersecurity, such as "state-operated or state-owned telecommunications network," and expands the scope of information technology to include various systems and processes.

Additionally, the bill modifies the composition and responsibilities of the Cybersecurity Advisory Committee. It reduces the number of appointed members from various governmental agencies and introduces new requirements for the committee's operations, including the authority to hire and supervise the security officer. The committee is tasked with developing a statewide cybersecurity plan and providing recommendations for responding to cybersecurity threats. It is also required to report on the status of cybersecurity preparedness to legislative committees and the governor, with specific timelines for these reports. Overall, the bill aims to strengthen New Mexico's cybersecurity framework and improve coordination among state agencies.

Statutes affected:
introduced version: 9-27A-3, 9-27A-5
RU substitute: 9-27A-2, 9-27A-3, 9-27A-5