Executive Summary
- The Nevada Legislature unanimously passed Assembly Bill 1 to formally establish a statewide Security Operations Center (SOC).
- The bill, which awaits the governor’s signature, comes in response to a significant cyber incident in August that disrupted state services.
- AB 1 mandates the creation of a Cybersecurity Talent Pipeline Program in collaboration with the state’s higher education system to address workforce needs.
- The legislation provides a formal structure, funding mechanism, and annual reporting requirements for the new SOC.
The Nevada Legislature has passed Assembly Bill 1, a significant piece of cybersecurity legislation designed to formally establish a statewide Security Operations Center (SOC) and bolster the state’s cyber workforce. The bill, which received unanimous approval in both legislative houses, now awaits the signature of Governor Joe Lombardo. This legislative action follows a major cyber incident in August that disrupted state government operations.
Key Provisions of Assembly Bill 1
Assembly Bill 1 codifies the duties of the Security Operations Center, placing it within the Governor’s Technology Office under the new Office of Information Security and Cyber Defense (OISCD). The legislation establishes a dedicated financial account and funding process for the SOC, and it mandates an annual report on the center’s effectiveness. The bill also authorizes school districts to utilize the services and equipment of the Governor’s Technology Office, promoting a more unified statewide defense.
A central component of the bill is the development of the state’s cyber talent. It directs the SOC, contingent on funding, to create a Cybersecurity Talent Pipeline Program. This initiative will be a collaboration with the Nevada System of Higher Education aimed at supporting students pursuing careers in computer science and cybersecurity, addressing critical workforce shortages in the sector.
Response to Recent Cyber Attacks
The push for this legislation was underscored by a security breach in August, during which unauthorized actors stole data from the state’s network. The incident caused significant disruptions, making state websites, services, and phone lines intermittently unavailable for approximately three weeks. State CIO Timothy Galluzi highlighted the new bill’s role in fostering “unprecedented collaboration among state, local, K-12, higher education, and all governmental entities within Nevada.”
The bill represents a formal legislative response to evolving cyber threats, aiming to centralize and strengthen Nevada’s cybersecurity infrastructure. By establishing a clear framework for the SOC and investing in a future workforce, the state is taking concrete steps to prevent and manage future incidents.