New laws on information technology, cybersecurity go into effect in Virginia

Posted at 2:42 PM, Jul 01, 2022
and last updated 2022-07-01 14:42:44-04

Starting July 1, 2022, new state laws take effect in Virginia.

Among the new laws are two that impact information technology and cybersecurity in the Commonwealth of Virginia.

The first piece of legislation will expand the requirements for public bodies when it comes to reporting cybersecurity incidents. As of July 1, every state and local public body must report all incidents that threaten the security of the Commonwealth's data or communications, result in exposure of data protected by federal or state laws or compromise the security of the public entity or agency's IT systems with the potential to cause major disruption to normal activities.

These reports must be made to the Virginia Fusion Intelligence Center within 24 hours of discovering an incident.

Additionally, the legislation requires the Chief Information Officer (CIO) of the Commonwealth to convene a workgroup of state and local stakeholders.

The workgroup, which started meeting in May, is reviewing current cybersecurity reporting and information-sharing practices and will make recommendations on best practices regarding such reports.

The second piece of legislation will transform the Information Technology Advisory Council into a body with members from the private sector as well as legislators, increases the number of council members and adds cybersecurity to the ITAC's advisory area.

The council is expected to begin meeting later this year.

“Cybersecurity is a priority of critical importance for the Commonwealth of Virginia, as is focused coordination of government of all levels and entities,” said Deputy Secretary of Cybersecurity of the Commonwealth Aliscia Andrews. “The implementation of this legislation provides a golden opportunity for us to connect, learn about our collective strengths and be ready to respond.”

“Last year, we reported over 66 million cyberattack attempts on our systems in the Commonwealth. That’s a rate of 2.12 attacks every second,” said CIO of the Commonwealth Robert Osmond. “When we see the intensity and sophistication with which cyber attackers are carrying out these threats, we know that we need every resource available to strengthen our cybersecurity infrastructure. VITA looks forward to collaborating with our partners to help keep all our systems, ways of conducting business and, ultimately, our services and our people, safe.”