Bill would require cybersecurity plans for Nevada infrastructure
CARSON CITY — A proposal in the Nevada Legislature would require cybersecurity plans for all critical infrastructure in the state.
Senate Bill 395 would require a cybersecurity plan for public and private systems and facilities such as those for utilities and telecommunications.
Under the bill, owners of what the state deems critical infrastructure would need to disclose significant cybersecurity incidents to Nevada Commission on Homeland Security officials. The proposal comes amid an increased awareness of cyberthreats in Nevada and nationwide.
“This bill is really about starting the conversation to help us recognize cybersecurity risks,” a bill sponsor, state Sen. Pat Spearman, D-North Las Vegas, told the Senate Government Affairs Committee on Wednesday.
Reggie Richardson, president of the defense contractor Sapphire Innovative Solutions, presented the bill with Spearman.
“We can’t just walk away because I don’t think that’s the answer,” Richardson said.
The bill has safeguards intended to prevent the state from disclosing proprietary and confidential information about a critical infrastructure system. Nevertheless, telecommunication companies testified in opposition to the bill.
“As a company, we shouldn’t have to turn over our proprietary information to a third party we know nothing about,” said John Lopez, a lobbyist with Cox Communications.
He stressed the company takes privacy and cybersecurity seriously. He also suggested lawmakers look at a way to change the composition of the homeland security commission so it has a representative from the cable industry.
Randy Robison, a lobbyist with CenturyLink, raised concerns about a bill provision that allows the commission to issue a “public statement” if a critical infrastructure is at risk of a successful cyberattack. He said that puts a target on a system’s back.
“Let that sink in for a minute,” he said. “You can guess some of the security implications of that.”
Spearman has proposed an amendment to the bill intended to address some of those concerns. It makes all cybersecurity plans confidential. The initial form of the bill makes public summaries of plans.
The committee took no action on the bill Wednesday.
Contact Ben Botkin at bbotkin@reviewjournal.com or 775-461-0661. Follow @BenBotkin1 on Twitter.