2020 New Jersey Revised Statutes
Title 58 - Waters and Water Supply
Section 58:31-4 - Development of cybersecurity system; exemptions.
58:31-4 Development of cybersecurity system; exemptions.
4. a. Within 120 days after the effective date of this act, each water purveyor shall develop a cybersecurity program, in accordance with requirements established by the board, that defines and implements organization accountabilities and responsibilities for cyber risk management activities, and establishes policies, plans, processes, and procedures for identifying and mitigating cyber risk to its public water system. As part of the program, a water purveyor shall conduct risk assessments and implement appropriate controls to mitigate identified risks to the public water system, maintain situational awareness of cyber threats and vulnerabilities to the public water system, and create and exercise incident response and recovery plans.
A copy of the program developed pursuant to this subsection shall be provided to the New Jersey Cybersecurity and Communications Integration Cell, established pursuant to Executive Order No. 178 (2015) in the New Jersey Office of Homeland Security and Preparedness.
b. Within 60 days after developing the program required pursuant to subsection a. of this section, each water purveyor shall join the New Jersey Cybersecurity and Communications Integration Cell, established pursuant to Executive Order No. 178 (2015), and create a cybersecurity incident reporting process.
c. A water purveyor that does not have an internet-connected control system shall be exempt from the requirements of this section.
L.2017, c.133, s.4.