New Information Technology and Cybersecurity Laws Take Effect in Virginia
Starting July 1, 2022, new state laws go into effect in Virginia.
Among the new laws, two impact information technology and cybersecurity in the Commonwealth of Virginia.
The first piece of legislation will expand the requirements for public bodies to report cybersecurity incidents. As of July 1, every state and local government agency must report all incidents that threaten the security of Commonwealth data or communications, result in the exposure of data protected by federal or state laws, or compromise the security of public entity or agency information systems with the potential to cause major disruption to normal operations.
These reports must be submitted to the Virginia Fusion Intelligence Center within 24 hours of discovering an incident.
In addition, the legislation requires the Commonwealth Chief Information Officer (CIO) to convene a task force comprised of state and local actors.
The working group, which began meeting in May, is reviewing current cybersecurity reporting and information-sharing practices and will make recommendations on best practices for such reporting.
The second bill will transform the Information Technology Advisory Council into a body made up of members from the private sector as well as legislators, increase the number of council members and add cybersecurity to the ITAC’s advisory domain.
The board is expected to begin meeting later this year.
“Cybersecurity is a critically important priority for the Commonwealth of Virginia, as is focused government coordination across all levels and entities,” said Commonwealth Cybersecurity Undersecretary Aliscia Andrews. “Implementing this legislation gives us a golden opportunity to connect, discover our collective strengths and be ready to respond.”
“Last year, we reported over 66 million attempted cyberattacks on our systems across the Commonwealth. That’s a rate of 2.12 attacks per second,” said Commonwealth CIO Robert Osmond. we see the intensity and sophistication with which cyber attackers execute these threats, we know that we need all available resources to strengthen our cybersecurity infrastructure.VITA looks forward to working with our partners to help ensure security all of our systems, our ways of doing business, and ultimately our services and people.