RICHMOND – Effective today, July 1, 2022, new state laws affecting information technology (IT) and cybersecurity in the Commonwealth of Virginia come into effect. The first law expands the requirements for public bodies when reporting cybersecurity incidents. Beginning July 1, every state and local government entity must report to the Virginia Fusion Intelligence Center all incidents that:
• threaten the security of Commonwealth data or communications;
• result in the disclosure of information protected by federal or state law; or
• Compromise the security of the public institution’s or agency’s IT systems, with the potential to significantly disrupt normal activities.
These reports must be made within 24 hours of the discovery of an incident.
In addition, legislation requires the Commonwealth’s Chief Information Officer (CIO) to convene a working group of state and local stakeholders. The working group, which began its meeting in May, is reviewing current practices on cybersecurity reporting and information sharing and will make recommendations on best practices in relation to such reporting.
“Cybersecurity is a critical priority for the Commonwealth of Virginia, as is the targeted coordination of government at all levels and entities,” said Commonwealth Assistant Secretary for Cybersecurity Aliscia Andrews. “The implementation of this legislation provides us with a unique opportunity to network, learn about our shared strengths and be ready to act on them.”
“Last year we reported over 66 million cyberattack attempts on our systems in the Commonwealth. That’s a rate of 2.12 attacks per second,” said Robert Osmond, CIO of the Commonwealth. “When we see the intensity and sophistication with which cyber attackers are executing these threats, we know that we need every available resource to strengthen our cybersecurity infrastructure. VITA looks forward to working with our partners to help ensure all of our systems, business methods and ultimately our services and our people remain secure.”
That second law transforms the Information Technology Advisory Council (ITAC) into a body with members from the private sector and lawmakers, increases the number of council members and expands ITAC’s advisory scope to include cybersecurity. Appointments of members for the new ITAC should be completed soon and the Council is expected to meet later this year.
More information about VITA and its mission can be found at Visit the VITA website.
TVirginia’s IT agency is proud to serve the Commonwealth’s 65 law enforcement agencies, a workforce of 55,000 government employees and 8.6 million Virginians. VITA connects Virginians to critical government services through information and innovation technology, infrastructure, cybersecurity and governance.