Existing law creates the Nevada Office of Cyber Defense Coordination within the Department of Public Safety, which is headed by an Administrator appointed by the Director of the Department of Public Safety. (NRS 480.920) Existing law sets forth the duties of the Office of Cyber Defense Coordination which include: (1) various duties relating to the security of information systems of state agencies; (2) establishing partnerships with local governments, the Nevada System of Higher Education, private entities and the Federal Government relating to the security of information systems; (3) to prepare and maintain a statewide strategic plan regarding the security of information systems in this State; (4) submitting certain quarterly and annual reports relating to cybersecurity and the progress of the Office; and (5) maintaining certain cybersecurity incident response plans filed by a political subdivision. (NRS 480.924-480.935) Existing law creates the Office of the Chief Information Officer within the Office of the Governor, consisting of certain units, offices and other units, groups, divisions or departments, including the Office of Information Security. (NRS 242.080) Sections 2, 3, 5-16, 26 and 27 of this bill move the Nevada Office of Cyber Defense Coordination to the Office of the Chief Information Officer. Section 17 of this bill merges the Nevada Office of Cyber Defense Coordination and the Office of Information Security and renames the offices the Office of Information Security and Cyber Defense. Sections 20-22, 28 and 29 of this bill make conforming changes by applying various provisions of existing law relating to the Office of Information Security to the Office of Information Security and Cyber Defense. Existing law requires the Chief Information Officer to appoint a Deputy Chief of the Office of Information Security who is in the classified service of this State. (NRS 242.101) Section 18 renames the position of Deputy Chief of the Office of Information Security the Deputy Director of the Office of Information Security and Cyber Defense and places the Deputy Director of the Office in the unclassified service of this State. Section 31 of this bill provides that the person who is in the position of Deputy Chief of the Office of Information Security on July 1, 2025, is in the classified service and must remain in the classified service until he or she vacates that position. Existing law requires the Chief Information Officer to adopt regulations necessary for the administration of laws relating to information services for state agencies, elected state officers and, under certain circumstances, agencies not under the control of the Governor and local governmental agencies. (NRS 242.111) Section 19 of this bill requires the Chief Information Officer to adopt by regulation the policies and procedures necessary to coordinate the cybersecurity activities of state agencies and local governments. Existing law provides that certain plans and records of a state agency or local government relating to a threat or attack on the security of an information system is not a public record. (NRS 480.935, 480.940) Sections 1, 15 and 16 of this bill similarly provide that such plans and records are not public records and may be disclosed only by the Deputy Director only under certain circumstances. Section 35 of this bill repeals the provisions of law creating and providing for the powers and duties of the Nevada Office of Cyber Defense Coordination within the Department of Public Safety. Sections 23-25 of this bill make conforming changes to revise references to provisions that are repealed by section 35.

Statutes affected:
As Introduced: 239.010, 239C.120, 239C.160, 242.080, 242.101, 242.111, 242.181, 242.183, 205.4765, 293.0635, 293.104, 293.870, 480.130, 480.140, 603A.210, 603A.215
BDR: 239.010, 239C.120, 239C.160, 242.080, 242.101, 242.111, 242.181, 242.183, 205.4765, 293.0635, 293.104, 293.870, 480.130, 480.140, 603A.210, 603A.215