House committee substitute to the 1st edition makes the following changes.
Revises the terminology used in proposed Article 84, GS Chapter 143, now prohibiting State agencies and local government entities from making payments to or communicating with an entity that has engaged in a cybersecurity incident (was, attack) on the agency or local government’s IT system with ransomware and directing agencies or local governments experiencing a ransom request associated with a cyber security incident (was, attack) to consult with the Department of Information Technology (DIT). Changes the numbering of the proposed section to GS 143-800.
Adds to the proposed conforming changes to GS 143B-1379(c) (county and municipal government cyber security incident reporting) to add a statutory-cross reference to new GS 143-800(c)(1), defining local government entities.
Makes conforming changes to the act's long title.
PROHIBIT STATE AGENCIES PAYMENT OF RANSOMWARE.
Printer-friendly: Click to view
View NCGA Bill Details | 2021 |
AN ACT TO PROHIBIT ANY STATE AGENCY, UNIT OF LOCAL GOVERNMENT, OR PUBLIC AUTHORITY FROM PAYING A RANSOM IN CONNECTION WITH A CYBERSECURITY INCIDENT AND TO CLARIFY THE REPORTING OF CYBERSECURITY INCIDENTS TO THE DEPARTMENT OF INFORMATION TECHNOLOGY.Intro. by Saine, Johnson.
Bill History:
-
Tue, 4 May 2021 House: Filed
-
Wed, 5 May 2021 House: Passed 1st Reading
-
Wed, 12 May 2021 House: Reptd Fav Com Substitute
-
Wed, 12 May 2021 House: Re-ref Com On Rules, Calendar, and Operations of the House
-
Wed, 12 May 2021 House: Reptd Fav
-
Wed, 12 May 2021 House: Cal Pursuant Rule 36(b)
-
Wed, 12 May 2021 House: Added to Calendar
-
Wed, 12 May 2021 House: Passed 2nd Reading
-
Wed, 12 May 2021 House: Passed 3rd Reading
-
Thu, 13 May 2021 House: Special Message Sent To Senate
-
Thu, 13 May 2021 Senate: Special Message Received From House
-
Thu, 13 May 2021 Senate: Passed 1st Reading
-
Thu, 13 May 2021 Senate: Ref To Com On Rules and Operations of the Senate
Bill Summaries:
-
Bill H 813 (2021-2022)Summary date: May 12 2021 - View Summary
-
Bill H 813 (2021-2022)Summary date: May 4 2021 - View Summary
Amends Chapter 143 of the General Statutes (executive Organization Act of 1973 – establishing and regulating state agencies) by adding Article 84 prohibiting state agencies and local government entities from making payments to or communicating with an entity attacking the agency or local government’s IT system with ransomware, directing agencies or local governments experiencing a ransom request associated with a cyber security attack to consult with the Department of Information Technology (DIT), and defining “local government entity” and “state agency.” Amends GS 143B-1320 (definitions related to DIT) to define “ransomware attack” as a cybersecurity incident where a malicious actor introduces software into an information system that encrypts data and renders the systems that rely on that data unusable, followed by a demand for a ransom payment in exchange for decryption of the affected data. Amends GS 143B-1379(c) (county and municipal government cyber security incident reporting) to make conforming changes. Amends GS 143B-1322(c) to include ransomware attacks in the incidents the Chief Information Officer has the power and duty to coordinate responses to.
House committee substitute to the 1st edition changed the long title. Original title was AN ACT TO PROHIBIT ANY STATE AGENCY, UNIT OF LOCAL GOVERNMENT, OR PUBLIC AUTHORITY FROM PAYING A RANSOM IN CONNECTION WITH A CYBERSECURITY ATTACK AND TO REQUIRE THE REPORTING OF THAT CYBERSECURITY ATTACK TO THE DEPARTMENT OF INFORMATION TECHNOLOGY.