Assembly lawmakers on Thursday weighed whether to move forward with bills that would require the state to revamp its cybersecurity infrastructure.
The three bills discussed by the Assembly’s homeland security committee would require government employees statewide to complete cybersecurity training, teach workers how to spot phishing scams, and require governments to report details of their infrastructure security to the state.
Assemblyman Joe Danielsen (D-Middlesex) voiced support for all three bills, noting that the kind of training they would mandate is comparable to other sorts of training state workers must complete. This type of training is being done in other industries, so it should be required at the government level as well, he said.
“Government agencies should be the first ones (trained) because we are the stewards that have been entrusted with public money,” he said.
The debate comes just months after Iranian hackers targeted cyberattacks in seven states, including a township in Union County that fell victim to the scheme. Jersey City Mayor Steve Fulop said in 2020 that his city saw an average of 13,000 cyberattack attempts weekly during the pandemic. In 2019, several North Jersey towns, including Dumont, Elmwood Park, and Palisades Park, were targets of cyberattacks.
The bill that would mandate training programs for all state and municipal workers would also require the state Office of Information Technology to create the training. Periodic audits would be required to ensure agencies are complying with the bill’s requirements.
Another measure (A1848) would require state employees to receive training regarding “best safety practices” while using state computers. The training would include tips on updating passwords, detecting phishing scams, and preventing viruses, ransomware, data breaches, and identity theft.
Assemblywoman Angela McKnight (D-Hudson) on Thursday suggested increasing the frequency of training and testing, and inquiring about what other states do in this area. The bills don’t have to “reinvent the wheel,” she said.
The final bill (S484) would require government entities to file a report to the Legislature and governor’s office detailing their infrastructure’s security, any high-risk issues, and ideas for improvements, like updating software or computers. A “government entity” would include all municipalities, counties, school districts, state colleges, government agencies, boards and bureaus, and each principal department in the executive branch.
That measure unanimously passed the state Senate in October. All three bills discussed Thursday have yet to be voted on in the Assembly.
Assemblyman Greg McGuckin (R-Ocean) said he’d support the bills but said the governor could issue an order mandating some of these reviews immediately.
“As a state mandate for local entities, I think the state should pay for it. Other than that, I think it’s well-intentioned, and I think every governing body should be doing this on their own, but if the legislators mandate it, I think the state should pay for it,” he said.
GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX