<b><i>Online Extra:</b></i> NJ Legislature Moves on Cybersecurity Bill

The New Jersey Legislature on Oct. 5 began taking steps toward increasing its ability to combat cybercrime.

The move comes a week after Rutgers University had its Internet service crippled by a denial-of-service (DoS) attack, in which its network was flooded with illegitimate traffic, overwhelming the system and blocking access for legitimate users. The attack marked the fifth time this year the university has had its Internet service hacked.

In a 4-0 vote Oct. 5, the Senate State Government, Wagering, Tourism and Historic Preservation Committee voted to create the New Jersey Cybersecurity Commission.

“Given the exponential progress of technology in recent years, threats to critical systems present a growing and complex challenge,” says the bill, which is sponsored by Sen. Loretta Weinberg (D-Bergen). “In order to protect New Jersey's physical and informational infrastructure from unforeseen incidents and marshal necessary resources to meet potential threats, it is important to develop better policies and enhanced standards in the area of cybersecurity.”

Weinberg's bill, S2932, would create a 13-member commission with the Department of Criminal Justice.

Six of the commission's members would consist of representatives from the state Attorney General's Office, the chief technology officer of the Office of Information Technology, the chief executive officer of the state Economic Development Authority, the commissioner of the Department of Education, the superintendent of the State Police and the director of the Office of Homeland Security and Preparedness.

Seven members would be private citizens with relevant backgrounds appointed by the governor and subject to the advice and consent of the Senate. Of those members, two would have expertise in technology; two in finance, business administration or economics; two in public safety; and one in education.

Weinberg did not appear before the committee to answer questions about the bill, and it passed without debate. It now goes to the full Senate for consideration.

A companion bill, A4490, sponsored by Assemblywoman Valerie Vainieri Huttle (D-Bergen), is pending before the Assembly Homeland Security and State Preparedness Committee.

The commission, if ultimately created, would have eight functions:

1. ' To identify high-risk cybersecurity issues facing the state.
2. ' To provide advice relating to the security of the state's networks and systems.
3. ' To suggest how to add cybersecurity to the state's Office of Emergency Management's response capabilities.
4. ' To recommend science, technology, engineering and math programs for high schools, four-year colleges and community colleges.
5. ' To develop strategies to enhance private-sector security.
6. ' To review and assess opportunities for private-sector involvement in cybersecurity issues relating to military facilities in the state.
7. ' To educate the public about the necessity of online security.
8. ' To issue an annual report about cybersecurity threats and measures taken to offset them.

Of all of the state's institutions, Rutgers has been hit the hardest.

The Sept. 28 DoS attack was the first attack since Rutgers invested $3 million to upgrade its computer networks' security after at least four attacks during the past school year. That upgrade was the primary reason Rutgers raised tuition and fees by 2.3 percent for the 2015-16 school year, NJ.com reported in August, with a hacker known as “Exfocus” claiming responsibility for the problems.

“'Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department,'” Exfocus wrote in a post on Pastebin.com in April, according to the NJ.com report. “'I could run circles around all of you with my eyes closed, and one leg amputated.'”

Weinberg was away from her office and could not be reached for comment on the legislation.

Michael Booth writes for the New Jersey Law Journal, an ALM sibling of e-Commerce Law & Strategy. He can be reached at [email protected].

'

The New Jersey Legislature on Oct. 5 began taking steps toward increasing its ability to combat cybercrime.

The move comes a week after Rutgers University had its Internet service crippled by a denial-of-service (DoS) attack, in which its network was flooded with illegitimate traffic, overwhelming the system and blocking access for legitimate users. The attack marked the fifth time this year the university has had its Internet service hacked.

In a 4-0 vote Oct. 5, the Senate State Government, Wagering, Tourism and Historic Preservation Committee voted to create the New Jersey Cybersecurity Commission.

“Given the exponential progress of technology in recent years, threats to critical systems present a growing and complex challenge,” says the bill, which is sponsored by Sen. Loretta Weinberg (D-Bergen). “In order to protect New Jersey's physical and informational infrastructure from unforeseen incidents and marshal necessary resources to meet potential threats, it is important to develop better policies and enhanced standards in the area of cybersecurity.”

Weinberg's bill, S2932, would create a 13-member commission with the Department of Criminal Justice.

Six of the commission's members would consist of representatives from the state Attorney General's Office, the chief technology officer of the Office of Information Technology, the chief executive officer of the state Economic Development Authority, the commissioner of the Department of Education, the superintendent of the State Police and the director of the Office of Homeland Security and Preparedness.

Seven members would be private citizens with relevant backgrounds appointed by the governor and subject to the advice and consent of the Senate. Of those members, two would have expertise in technology; two in finance, business administration or economics; two in public safety; and one in education.

Weinberg did not appear before the committee to answer questions about the bill, and it passed without debate. It now goes to the full Senate for consideration.

A companion bill, A4490, sponsored by Assemblywoman Valerie Vainieri Huttle (D-Bergen), is pending before the Assembly Homeland Security and State Preparedness Committee.

The commission, if ultimately created, would have eight functions:

1. ' To identify high-risk cybersecurity issues facing the state.
2. ' To provide advice relating to the security of the state's networks and systems.
3. ' To suggest how to add cybersecurity to the state's Office of Emergency Management's response capabilities.
4. ' To recommend science, technology, engineering and math programs for high schools, four-year colleges and community colleges.
5. ' To develop strategies to enhance private-sector security.
6. ' To review and assess opportunities for private-sector involvement in cybersecurity issues relating to military facilities in the state.
7. ' To educate the public about the necessity of online security.
8. ' To issue an annual report about cybersecurity threats and measures taken to offset them.

Of all of the state's institutions, Rutgers has been hit the hardest.

The Sept. 28 DoS attack was the first attack since Rutgers invested $3 million to upgrade its computer networks' security after at least four attacks during the past school year. That upgrade was the primary reason Rutgers raised tuition and fees by 2.3 percent for the 2015-16 school year, NJ.com reported in August, with a hacker known as “Exfocus” claiming responsibility for the problems.

“'Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department,'” Exfocus wrote in a post on Pastebin.com in April, according to the NJ.com report. “'I could run circles around all of you with my eyes closed, and one leg amputated.'”

Weinberg was away from her office and could not be reached for comment on the legislation.

Michael Booth writes for the New Jersey Law Journal, an ALM sibling of e-Commerce Law & Strategy. He can be reached at [email protected].

'