Lawmakers mull measure requiring public agencies to report cybersecurity incidents

Lawmakers advanced a measure Monday that would require public agencies to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness.

Mandated reporting would give authorities a statewide strategy for helping agencies respond to and recover from such attacks more quickly and effectively, said Michael Geraghty, the state’s chief information security officer and director of the Office of Homeland Security and Preparedness’ cybersecurity office.

Geraghty testified Monday before the Senate Law and Public Safety Committee, which unanimously advanced the bill sponsored by Sen. Linda Greenstein (D-Middlesex).

State government computer networks get attacked 10 million times daily, Geraghty said. His office scours the dark web for compromised credentials from New Jersey’s public and critical infrastructure agencies and has detected more than 23,000 compromised credentials (such as a state employee’s email and password) being used since May 2020, he said.

Russian cyberattacks also are on the rise, prompting a White House warning this week that companies and agencies should be on guard as Russia retaliates for U.S. sanctions over its invasion of Ukraine.

“We’re not going to prevent every attack from happening, just like we’re not going to prevent hurricanes or tornadoes or other types of natural disasters, but we want to make New Jersey more resilient to these attacks,” Geraghty said.

Under the bill, all public agencies would have to report incidents within 72 hours. The state Office of Homeland Security and Preparedness would create a central database of threats statewide, with the goal of sharing threat intelligence that can help agencies reduce risks and improve preparedness and response.

The bill also would require the office to annually report cybersecurity incidents, responses, and trends to the Attorney General’s Office.

“It’s a global community online, and it’s a global fight,” said Ryan Hoppock, deputy director of the New Jersey Regional Computer Forensics Laboratory.

Everything is more connected digitally than ever before, Geraghty said, from intelligent traffic systems to…