On March 13, 2023, New Jersey Gov. Phil Murphy enacted Senate Bill No. 297 (Assembly Bill No. 493), making it a requirement for public agencies and government contractors to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness within 72 hours of discovering an incident. The regulations were implemented immediately upon signing.
In the hope of reducing the vulnerability of public agencies to cybercriminals, the new law was brought about. Sen. Fred Madden, a sponsor of the bill, pointed out the high frequency and extent to which cybercrimes, ranging from unauthorized system access to confidential data breaches, occur in New Jersey; they affect key entities like schools, hospitals, and police departments on a weekly basis.
The law is aimed at improving the state’s responsiveness to these cyber threats. The data required to be reported will equip the New Jersey Office of Homeland Security and Preparedness to better understand the landscape of cybercrimes and enable more effective response tactics. Michael Geraghty, NJCCIC Director, confirmed that the law would also allow his office to provide immediate assistance to impacted agencies and further, enables sharing critical information about the attacker’s methods and safeguards to prevent future incidents.
Although the specifics of the law’s scope and application are yet to be fully discussed, it is clear that the New Jersey state government is committed to ensuring that critical public agencies are equipped to effectively manage future cyber threats.