Proposed Bill Would Create New Jersey Cybersecurity Commission – But is that enough?

Will we now have a New Jersey Cybersecurity Commission?

In the wake of the recent denial of service (DoS) attack that crippled Rutgers University, New Jersey lawmakers advanced legislation that would create the New Jersey Cybersecurity Commission. According to the bill, the purpose of the New Jersey Cybersecurity Commission is to “bring public and private sector experts together to make recommendations as to ways in which New Jersey may become both a leader in cybersecurity and improve its own cybersecurity infrastructure.”

The Senate State Government, Wagering, Tourism and Historic Preservation Committee unanimously voted in support of Senate Bill No. 2932, which is sponsored by Sen. Loretta Weinberg. The full Senate will now take up the legislation.

The creation of the New Jersey Cybersecurity Commission reflects the growing cyber threats facing both the public and private sectors. “Given the exponential progress of technology in recent years, threats to critical systems present a growing and complex challenge,” the bill states. “In order to protect New Jersey’s physical and informational infrastructure from unforeseen incidents and marshal necessary resources to meet potential threats, it is important to develop better policies and enhanced standards in the area of cybersecurity.”

Who would make up the New Jersey Cybersecurity Commission?

The New Jersey Cybersecurity Commission would be part of the Office of the Attorney General and consist of thirteen members. Six members would include the Attorney General, the Chief Technology Officer of the Office of Information Technology, the Chief Executive Officer of the Economic Development Authority, the Commissioner of the Department of Education, the Superintendent of State Police, and the Director of the Office of Homeland Security and Preparedness.

The remaining seven members would be private citizens, including two members with expertise in technology, two with expertise in finance, business administration, or economics, two with expertise in public safety, and one with expertise in education.

Proposed legislation for NJ Cybersecurity Commission

Under the proposed legislation, the New Jersey Cybersecurity Commission is directed to:

• Identify high-risk cybersecurity issues facing the State;
• Provide advice and recommendations related to securing New Jersey’s State networks, systems, and data;
• Provide suggestions for the addition of cybersecurity to the New Jersey Office of Emergency Management’s response capabilities, in consultation with the New Jersey Office of Information Technology;
• Present recommendations for science, technology, engineering, and math educational and training programs for all ages, offered through elementary schools, community colleges, and universities;
• Offer strategies to advance private sector cybersecurity economic development opportunities;
• Provide suggestions for coordinating the review of and assessing opportunities for cybersecurity private sector growth as it relates to military facilities and defense activities in New Jersey;
• Offer suggestions for promoting awareness of cyber hygiene among the State’s citizens, businesses, and government entities; and
• Gather data about cybersecurity and cybersecurity threats and issue an annual report to the Governor, including any recommendations for regulatory changes.

Assembly Bill No. 4490

A companion bill, Assembly Bill No. 4490, is currently under consideration by the Assembly Homeland Security and State Preparedness Committee.

We will be closely tracking the status of the proposed New Jersey cybersecurity legislation and will provide updates as they become available.