In Brief

Lawmakers mull measure requiring public agencies to report cybersecurity incidents

By: - March 23, 2022 6:32 am

(Getty Images)

Lawmakers advanced a measure Monday that would require public agencies to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness.

Mandated reporting would allow authorities to have a statewide strategy in helping agencies more quickly and effectively respond to and recover from such attacks, said Michael Geraghty, the state’s chief information security officer and director of the Office of Homeland Security and Preparedness’ cybersecurity office.

Geraghty testified Monday before the Senate Law and Public Safety Committee, which unanimously advanced the bill sponsored by Sen. Linda Greenstein (D-Middlesex).

State government computer networks get attacked 10 million times daily, Geraghty said. His office scours the dark web for compromised credentials from New Jersey’s public and critical infrastructure agencies and has detected more than 23,000 compromised credentials (such as a state employee’s email and password) being used since May 2020, he said.

Russian cyberattacks also are on the rise, prompting a White House warning this week that companies and agencies should be on guard as Russia retaliates for U.S. sanctions over its invasion of Ukraine.

“We’re not going to prevent every attack from happening, just like we’re not going to prevent hurricanes or tornadoes or other types of natural disasters, but we want to make New Jersey more resilient to these attacks,” Geraghty said.

Under the bill, all public agencies would have to report incidents within 72 hours. The state Office of Homeland Security and Preparedness would create a central database of threats statewide, with the goal of sharing threat intelligence that can help agencies reduce risks and improve preparedness and response.

The bill also would require the office to annually report cybersecurity incidents, responses, and trends to the Attorney General’s Office.

“It’s a global community online, and it’s a global fight,” said Ryan Hoppock, deputy director of the New Jersey Regional Computer Forensics Laboratory.

Everything is more connected digitally than ever before, Geraghty said, from intelligent traffic systems to government websites to home technology like doorbells, thermostats, and elevators. While attacks can be targeted, they’re more often opportunistic, he added.

“It’s not necessarily how valuable you are, it’s how vulnerable you are,” Geraghty said. “There are lots of vulnerabilities out there, and we are all at risk.”


Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics. Please see our republishing guidelines for use of photos and graphics.

Dana DiFilippo
Dana DiFilippo

Dana DiFilippo comes to the New Jersey Monitor from WHYY, Philadelphia’s NPR station, and the Philadelphia Daily News, a paper known for exposing corruption and holding public officials accountable. Prior to that, she worked at newspapers in Cincinnati, Pittsburgh, and suburban Philadelphia and has freelanced for various local and national magazines, newspapers and websites. She lives in Central Jersey with her husband, a photojournalist, and their two children.