A new law is looking to protect the state from future cyberattacks.Â
Assembly Bill 1Â was one of the first pieces of legislation to pass out of the Special Session. It passed unanimously in both the Senate and Assembly chambers.
Nevada Governor Joe Lombardo has since signed it into law.
Back in August, Nevada found itself in the hands of a cyber ransomware attack. After 28 days, the state recovered without paying a ransom.
Many across the state felt the impacts, whether it was through the Department of Motor Vehicles or waiting on a background check to get a job or buy a gun.
The Governor's proclamation for the recent Special Session included AB1.
"Assembly Bill 1 really takes those painful lessons that we got from the summer cyberattack and turns them into a permanent statewide defense plan," said Michael Hanna-Butros Meyering, Chief Communication and Policy Officer.
Hanna-Butros Meyering used the analogy of a fire department for this new legislation.
He says this is like adding more equipment and strengthening fire codes. It won't stop fires from completely happening, but it will help to control the spread.
"Instead of just like one, one-off system saying, hey, there might be something wrong, it is actually now that centralized reporting of all these logs," he said. "Now you can see like, oh wait, this is bigger than it is."
The legislation allows the state to expedite the process if a threat is found.
"It clears the lanes of authority during an emergency," Hanna-Butros Meyering said. "So, if the governor declares a cyber emergency, we have IT staff report directly to the state CIO. So, we're not wasting time figuring out who's allowed to do what while systems are still going down."
The law allows the center to work with the Nevada System of Higher Education to give the state more access to the workforce here at home.
"To build a cybersecurity talent pipeline program so students in computer science/cyber can get real SOC experience and stay in Nevada," Hanna-Butros Meyering said.
The legislation creates an account for the center in the state's general fund. This allows the SOC to pull federal cybersecurity grants.
There is also a section that declares that in the event of a threat to public services or critical infrastructure, a meeting between the State's Executive Department and the Legislature is not subject to public open meeting laws.
"What AB1 does is carve out a little narrow space where we can talk frankly about the things like passwords now with diagrams and detailed vulnerability reports, without handing criminals a roadmap," Hanna-Butros Meyering said. "The law requires us to keep a list of what we're treating as confidential and explain that to the legislature on a regular basis. So, oversight is still there, we're just not putting lock codes on the nightly news."
There is still work that needs to happen before the law is fully implemented, with no clear timelines at this point.
