a. Within 120 days after the effective date of this act, 1 each water purveyor shall develop a cybersecurity program, in accordance with requirements
established by the board, that defines and implements organization accountabilities
and responsibilities for cyber risk management activities, and establishes policies,
plans, processes, and procedures for identifying and mitigating cyber risk to its
public water system. As part of the program, a water purveyor shall conduct risk assessments and implement
appropriate controls to mitigate identified risks to the public water system, maintain
situational awareness of cyber threats and vulnerabilities to the public water system,
and create and exercise incident response and recovery plans.
A copy of the program developed pursuant to this subsection shall be provided to the
New Jersey Cybersecurity and Communications Integration Cell, established pursuant
to Executive Order No. 178 (2015) in the New Jersey Office of Homeland Security and
b. Within 60 days after developing the program required pursuant to subsection a.
of this section, each water purveyor shall join the New Jersey Cybersecurity and Communications
Integration Cell, established pursuant to Executive Order No. 178 (2015), and create
a cybersecurity incident reporting process.
c. A water purveyor that does not have an internet-connected control system shall
be exempt from the requirements of this section.
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
Was this helpful?
Response sent, thank you
Welcome to FindLaw's Cases & Codes
A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.