New Hampshire will soon have a better idea of the cybersecurity threats facing its municipalities and the state, after Gov. Chris Sununu signed a law to mandate immediate reporting by all municipalities of cyber security attacks.
The bill, House Bill 1277, mandates towns and cities to report all occurrences of cybersecurity attacks to the state’s Department of Information Technology as soon as they occur. Advocates say the sooner the crimes are reported, the easier the state can mitigate the threat of these to the state and help municipalities navigate damage to their electronic systems.
Once seen as trivial , cybersecurity threats and malware attacks have grown increasingly sophisticated and hard to identify. While all state employees are mandated to take cybersecurity training, without federal funding, municipal employees can’t access the same instruction , Denis Goulet, commissioner of the New Hampshire Department of Information Technology, said last year.
The department has already devoted a section of its website to cybersecurity literacy, which includes a link to report cybersecurity incidents with the New Hampshire Information and Analysis Center. It is unclear if it would set up a new reporting system based off of the new law.
Between 2020 and 2021, the number of reported cybersecurity incidents nearly doubled, Goulet told lawmakers in March. In August 2021, Peterborough received national attention for being the subject of two separate cybersecurity attacks that stole $2.3 million dollars of town funds.
New Hampshire municipalities have been dealing with increasing cybersecurity threats for the past two years, with increases since the beginning of the Russo-Ukrainian War.
Sponsored by Rep. Peter Somssich, a Portsmouth Democrat, the bill was adopted by the House and Senate with unanimous voice votes.
This story was written by Talia Heisey, a New Hampshire Bulletin’s newsroom intern, where this story first appeared.