Legislation sponsored by Assemblywoman Valerie Vainieri Huttle (D-Bergen) and Assemblymen Jamel Holley (D-Union) and Raj Mukherji (D-Hudson) to help protect state government computer systems against ransomware cyber-attacks was approved Thursday by the Assembly Homeland Security and State Preparedness Committee.
Cybersecurity is a growing concern for state government and the private sector. Ransomware is a type of malware that gets into people’s computers, often because they click on a link or open an attachment in an email, which causes the encryption of files or otherwise locks users out until they pay for the key.
In 2016, the town of Plainfield, NJ had its computer system taken hostage. The hijacker demanded a ransom after an employee clicked an infected link. City officials scrambled to pull the computer servers offline, but three were compromised, leaving emails and other city files inaccessible. The hijacker demanded roughly 650 euro to be paid through bitcoin.
“These attacks have enormous implications for government security, economic prosperity, and public safety,” said Vainieri Huttle, who chairs the committee. “A simple click on the wrong link can jeopardize the state’s computer networks and put sensitive information at risk.”
The bill (A-3922) would require state employees to receive training regarding using best safety practices while utilizing state computers.
“Ransomware attacks are a serious problem that must be addressed,” said Holley. “In 2015, the FBI received over 2,400 complaints and victims lost over $24 million. We need to train our State employees in best practices when using State computers if we’re going to stem the tide of this menace.”
The bill would require the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) in the New Jersey Office of Homeland Security and Preparedness, to establish the cybersecurity training program for all state employees in the executive and legislative branch of government who have access to a state computer. The bill would require the Director of the Office of Homeland Security and Preparedness to adopt guidelines to implement the program.
The training should include a review of best practices for using state computers including updating passwords; detecting phishing scams; preventing ransomware, spyware infections, and identity theft; and preventing and responding to data breaches.
The NJCCIC provides cybersecurity information sharing, threat analysis, and incident reporting. Located at the Regional Operations Intelligence Center (ROIC), the NJCCIC promotes statewide awareness of local cyber threats and widespread adoption of best practices.
“Many businesses and local governments targeted by hackers have had no option but to pay the ransom demands. We don’t ever want to find ourselves in that position,” said Mukherji. “This training will provide state employees with best practices so they don’t inadvertently leave our computers systems vulnerable to these types of attacks.”
The bill now goes to the Assembly Speaker for further consideration.