House committee substitute to the 1st edition makes the following changes.
Revises the terminology used in proposed Article 84, GS Chapter 143, now prohibiting State agencies and local government entities from making payments to or communicating with an entity that has engaged in a cybersecurity incident (was, attack) on the agency or local government’s IT system with ransomware and directing agencies or local governments experiencing a ransom request associated with a cyber security incident (was, attack) to consult with the Department of Information Technology (DIT). Changes the numbering of the proposed section to GS 143-800.
Adds to the proposed conforming changes to GS 143B-1379(c) (county and municipal government cyber security incident reporting) to add a statutory-cross reference to new GS 143-800(c)(1), defining local government entities.
Makes conforming changes to the act's long title.
Bill Summaries: H813 (2021)
-
Bill H 813 (2021-2022)Summary date: May 12 2021 - View summary
-
Bill H 813 (2021-2022)Summary date: May 4 2021 - View summary
Amends Chapter 143 of the General Statutes (executive Organization Act of 1973 – establishing and regulating state agencies) by adding Article 84 prohibiting state agencies and local government entities from making payments to or communicating with an entity attacking the agency or local government’s IT system with ransomware, directing agencies or local governments experiencing a ransom request associated with a cyber security attack to consult with the Department of Information Technology (DIT), and defining “local government entity” and “state agency.” Amends GS 143B-1320 (definitions related to DIT) to define “ransomware attack” as a cybersecurity incident where a malicious actor introduces software into an information system that encrypts data and renders the systems that rely on that data unusable, followed by a demand for a ransom payment in exchange for decryption of the affected data. Amends GS 143B-1379(c) (county and municipal government cyber security incident reporting) to make conforming changes. Amends GS 143B-1322(c) to include ransomware attacks in the incidents the Chief Information Officer has the power and duty to coordinate responses to.