SENATE, No. 808

STATE OF NEW JERSEY

217th LEGISLATURE

 

PRE-FILED FOR INTRODUCTION IN THE 2016 SESSION

 


 

Sponsored by:

Senator  LORETTA WEINBERG

District 37 (Bergen)

Senator  BRIAN P. STACK

District 33 (Hudson)

 

 

 

 

SYNOPSIS

     Creates NJ Cybersecurity Commission; appropriates $50,000.

 

CURRENT VERSION OF TEXT

     Introduced Pending Technical Review by Legislative Counsel.

  


An Act creating the New Jersey Cybersecurity Commission and supplementing Title 52 of the Revised Statutes and making an appropriation.

 

     1.    The Legislature finds and declares:

     a.     Given the exponential progress of technology in recent years, threats to critical systems present a growing and complex challenge. In order to protect New Jersey’s physical and informational infrastructure from unforeseen incidents and marshal necessary resources to meet potential threats, it is important to develop better policies and enhanced standards in the area of cybersecurity. While rapidly advancing technologies create substantial security risks, they also present significant opportunities for producing more efficient and protected proprietary networks, strengthening New Jersey’s cybersecurity framework, and advancing vital prospects for economic development.

     b.    New Jersey’s cybersecurity firms have the potential to export their technologies, goods, and services to global markets in the public and private sectors, and could benefit from any public funds appropriated for cybersecurity businesses. Further, with the critical need for secure business data, New Jersey must cultivate conditions to attract and retain, as well as secure a competitive advantage for, cybersecurity companies in the marketplace. Promoting the cybersecurity industry will produce a synergy to ensure growth of related cyber operations, businesses, and facilities, sustain a wide variety of high-skilled jobs for citizens of this State, and strengthen a culture of excellent cyber hygiene that is critical for New Jersey.

     c.     Cybersecurity instruction, training, and programs are requisite components to prepare those currently seeking new occupational opportunities, as well as the next generation, for the rapidly developing cybersecurity workplace. Focusing on cutting edge education and training is essential for New Jersey’s cybersecurity workforce and economic development, as occupations in the cybersecurity industry are in high demand and among the fastest growing in the economy.  New Jersey continues to lead the nation in its dedication to education and can capitalize on this dedication by coupling it with investment in cybersecurity.

     d.    Establishing a State Cybersecurity Commission will lay the groundwork for New Jersey’s efforts to make this State a leader in cybersecurity and the foundation necessary to capitalize on the economic opportunities that accompany growing that industry. The first step is to pave the way to grow this key industry, keep New Jersey’s cyber assets safe, and create new, quality jobs in this State.

 

     2.    There is established in the Department of Law and Public Safety, in the Office of the Attorney General, a commission which shall be known as the New Jersey Cybersecurity Commission.

     3.  a.  The commission shall consist of 13 members.  Six members of the commission shall be the following officers, or their designees, serving ex officio: the Attorney General, the Chief Technology Officer of the Office of Information Technology, the Chief Executive Officer of the New Jersey Economic Development Authority, the Commissioner of the Department of Education, the Superintendent of State Police, and the Director of the Office of Homeland Security and Preparedness.  Seven members of the commission shall be private citizens who shall be appointed by the Governor, with the advice and consent of the Senate, who shall not hold elective public office while serving as a member of the commission.  Not more than four of the members appointed by the Governor shall be of the same political party.  Of the seven members appointed by the Governor, two shall be individuals with expertise in technology; two shall be individuals with expertise in finance, business administration, or economics; two shall be individuals with expertise in public safety; and one shall be an individual with expertise in education.  The commission shall select a chairperson and vice chairperson who shall be members of the commission.

     b.    All nominations for  appointment to the commission shall be made within 90 days after the date of enactment of this act, P.L.    , c.  (pending before the Legislature as this bill).  Each member appointed by the Governor shall hold office for a term of three years and until his successor is appointed and qualified.  All vacancies shall be filled in the same manner as the original appointment.  A member appointed to fill a vacancy occurring in the membership of the commission for any reason other than the expiration of the term shall have a term of appointment for the unexpired term only.  A member may be appointed for any number of successive terms. Any member appointed by the Governor may be removed from office by the Governor, for cause, after a hearing and may be suspended by the Governor pending the completion of the hearing.  Members of the commission appointed by the Governor shall serve without compensation, but shall be reimbursed for necessary expenses incurred in the performance of their duties as members.

     c.     The commission shall serve in an advisory role and shall meet upon the call of the chairman at least four times per year. In addition, the commission shall issue an annual report and any other reports and recommendations as necessary or as requested by the Governor.

 

     4.  a.  The Office of Information Technology, and such other agencies and offices as designated by the Governor, shall provide the support staff necessary for the commission to perform its duties. The commission also may, subject to the availability of funds, hire and employ, pursuant to Title 11A, Civil Service, of the New Jersey Statutes, other professional, technical, and clerical staff as may be necessary to perform the functions needed by the commission.

     b.    The commission may call to its assistance and avail itself of the services of the employees of any other State agencies as it may require and as may be available to it for that purpose, and the other State agencies shall provide the commission with such information as may be necessary for the commission to perform its functions.

     c.     Necessary funding to support the commission and its staff may be provided from federal funds, private funds, and State funds appropriated for the same purposes as those of the commission, as well as any other private sources of funding that may be identified and appropriate.

 

     5.  a.  The purpose of the commission is to bring public and private sector experts together to make recommendations as to ways in which New Jersey may become both a leader in cybersecurity and improve its own cybersecurity infrastructure. To implement that purpose, the commission shall:

     (1)   identify high risk cybersecurity issues facing the State;

     (2)   provide advice and recommendations related to securing New Jersey’s State networks, systems, and data, including interoperability, standardized plans and procedures, and evolving threats and best practices to prevent the unauthorized access, theft, alteration, and destruction of the State’s data;

     (3)   provide suggestions for the addition of cybersecurity to the New Jersey Office of Emergency Management’s response capabilities, including testing cybersecurity incident response scenarios, recovery and restoration plans, and coordination with the federal government, in consultation with the New Jersey Office of Information Technology;

     (4)   present recommendations for science, technology, engineering, and math educational and training programs for all ages, offered through elementary schools, community colleges, and universities, in order to foster an improved cybersecurity workforce pipeline and equip cybersecurity professionals with a wide range of expertise;

     (5)   offer strategies to advance private sector cybersecurity economic development opportunities, including innovative technologies, research and development, and start-up firms, and maximize public-private partnerships throughout the State;

     (6)   provide suggestions for coordinating the review of and assessing opportunities for cybersecurity private sector growth as it relates to military facilities and defense activities in the State;

     (7)   offer suggestions for promoting awareness of cyber hygiene among the State’s citizens, businesses, and government entities; and

     (8)   gather data about cybersecurity and cybersecurity threats and issue an annual report of its summary of the data collected to the Governor, which shall include any recommendations the commission finds appropriate for changes in laws or regulations concerning programs and policies regarding cybersecurity, information and technology, or other matters of public safety related thereto.

     b.    To implement its purpose, the commission is authorized, subject to the provisions of this act, to contract for and accept any gifts, grants, or loans of funds, property or financial, or other aid in any form from any public or private source as deemed appropriate.

     c.     The commission shall submit an annual budget to the Attorney General for inclusion in the budget of the Department of Law and Public Safety, which shall include any proposals of the commission for additional State agencies to participate in this initiative.

     d.    At the end of three years after the date of enactment of this act, the purposes and activities of the New Jersey Cybersecurity Commission shall come before the Legislature for review through hearings held by appropriate legislative standing reference committees.

 

     6.    There is appropriated from the State General Fund $50,000 to the New Jersey Cybersecurity Commission for this cybersecurity initiative.

 

     7.    This act shall take effect immediately.

 

 

STATEMENT

 

     This bill creates the New Jersey Cybersecurity Commission in the Office of the Attorney General, consisting of thirteen members.

     Six members of the commission consist of the Attorney General, the Chief Technology Officer of the Office of Information Technology, the Chief Executive Officer of the Economic Development Authority, the Commissioner of the Department of Education, the Superintendent of State Police, and the Director of the Office of Homeland Security and Preparedness.  Seven members are to be private citizens with relevant background appointed by the Governor and subject to the advice and consent of the Senate.  Of the private citizens, there will be two members with expertise in technology, two with expertise in finance, business administration, or economics, two with expertise in public safety, and one with expertise in education.  Each appointed member shall serve a term of three years.

     Given the exponential growth of technology in recent years, and the resulting increase in threats to critical systems, this bill seeks to protect New Jersey’s cybersecurity infrastructure, produce more efficient and protected proprietary networks, strengthen New Jersey’s cybersecurity framework, and advance economic development in the area of cybersecurity.  With the critical need for secure business data, this bill attempts to cultivate conditions to attract and retain, as well as secure a competitive advantage for, cybersecurity companies in the marketplace. Because occupations in the cybersecurity industry are among the fastest growing in the economy, this bill also seeks to capitalize on New Jersey’s dedication to education by coupling it with investment in cybersecurity.

     The purpose of the commission is to bring public and private sector experts together to make recommendations as to ways in which New Jersey may become both a leader in cybersecurity and improve its own cybersecurity infrastructure. The commission is directed to:

     1.    identify high risk cybersecurity issues facing the State;

     2.    provide advice and recommendations related to securing New Jersey’s State networks, systems, and data;

     3.    provide suggestions for the addition of cybersecurity to the New Jersey Office of Emergency Management’s response capabilities, in consultation with the New Jersey Office of Information Technology;

     4.    present recommendations for science, technology, engineering, and math educational and training programs for all ages, offered through elementary schools, community colleges, and universities;

     5.    offer strategies to advance private sector cybersecurity economic development opportunities;

     6.    provide suggestions for coordinating the review of and assessing opportunities for cybersecurity private sector growth as it relates to military facilities and defense activities in New Jersey;

     7.    offer suggestions for promoting awareness of cyber hygiene among the State’s citizens, businesses, and government entities; and

     8.    gather data about cybersecurity and cybersecurity threats and issue an annual report of its summary of the data collected to the Governor, including any recommendations for changes in laws or regulations concerning cybersecurity, information and technology, or other general matters of public safety related thereto.

     This bill appropriates $50,000 from the State General Fund.  The commission will come before the Legislature for review at the end of three years.