New Jersey Governor Phil Murphy recently signed legislation requiring state agencies and government contractors to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness within 72 hours of an incident.

“As we continue to face an evolving threat landscape, we must also adapt the mechanisms in place that safeguard our state,” said Governor Murphy. “This legislation (S297/A493) will bolster New Jersey’s security by expediting cybersecurity incident reporting and increase our resilience through effective communication. We remain committed to equipping our state with the best practices and the strongest defense possible in order to keep our communities safe.”

The bill requires NJOHSP Director Laurie Doran to establish and publish reporting guidelines to facilitate the timely and confidential submission of incident notifications by all public agencies in New Jersey, as well as government contractors, including municipalities, counties, kindergarten through 12th grade public schools, public colleges and universities and state law enforcement agencies among others. The purpose is to ensure the timely reporting of cybersecurity incidents that could jeopardize the confidentiality, integrity or availability of systems and information.

“Cyber threats are constantly evolving and, on the rise, not only in New Jersey but throughout the nation and the world,” Doran said. “This new cyber incident reporting law will help connect the dots, allowing for effective collective incident response among all stakeholders.”

NJOHSP’s cybersecurity division, the New Jersey Cybersecurity and Communications Integration Cell, received 375 confirmed cyber incident reports in 2022. Quick and consistent reporting will assist NJCCIC in expediting response and mitigating further incidents while improving its visibility and awareness of current trends.

“This legislation is very positive from a cybersecurity perspective,” said NJOHSP Acting Deputy Director and NJCCIC Director Michael Geraghty. “By intaking cybersecurity incident reports, the NJCCIC can provide assistance to the affected public agencies to help them respond and recover from an attack. It also allows the NJCCIC to help prevent further compromises of public agencies by sharing the techniques, tactics and protocols the attackers used and the best practices to thwart them.”

Bill sponsors included Sen. Linda Greenstein, Sen. Fred Madden, Assemblywoman Carol Murphy, Assemblyman Daniel Benson and Assemblyman Clinton Calabrese.

The new reporting requirement will take effect immediately.