RICHMOND – Effective today, July 1, 2022, new state laws take effect that impact information technology (IT) and cybersecurity in the Commonwealth of Virginia. The first piece of legislation expands the requirements for public bodies to report cybersecurity incidents. As of July 1, every state and local public agency must report to the Virginia Fusion Intelligence Center all incidents that:
• Threatening the security of Commonwealth data or communications;
• Result in the exposure of data protected by federal or state laws; Where
• Compromising the security of the entity’s or public agency’s computer systems with the potential to cause major disruption to normal operations.
These reports must be made within 24 hours of discovering an incident.
In addition, the legislation requires the Commonwealth Chief Information Officer (CIO) to convene a task force comprised of state and local actors. The working group, which began meeting in May, is reviewing current cybersecurity reporting and information-sharing practices and will make recommendations on best practices for such reporting.
“Cybersecurity is a critically important priority for the Commonwealth of Virginia, as is focused government coordination across all levels and entities,” said Commonwealth Cybersecurity Undersecretary Aliscia Andrews. “Implementing this legislation gives us a golden opportunity to connect, discover our collective strengths and be ready to respond.”
“Last year, we reported over 66 million attempted cyberattacks on our systems across the Commonwealth. That’s a rate of 2.12 attacks per second,” said Commonwealth CIO Robert Osmond. we see the intensity and sophistication with which cyber attackers execute these threats, we know that we need all available resources to strengthen our cybersecurity infrastructure.VITA looks forward to working with our partners to help ensure security all of our systems, our ways of doing business, and ultimately our services and people.
The second piece of legislation transforms the Information Technology Advisory Council (ITAC) into a body composed of members from the private sector as well as legislators, increases the number of members of the council and adds cybersecurity to the advisory domain of the ITAC. Nominations for members of the new ITAC are expected to be completed soon, and the board is expected to begin meeting later this year.
For more information about VITA and its mission, visit the VITA website.
JVirginia IT Agency proudly serves the Commonwealth’s 65 executive agencies, a workforce of 55,000 state employees and 8.6 million Virginians. VITA connects Virginians to critical government services through information and innovation technology, infrastructure, cybersecurity and governance.