(a)  The governor shall establish a cybersecurity incident response group, which shall include the superintendent of the Rhode Island state police, or designee; the adjutant general of the Rhode Island national guard, or designee; the director of the Rhode Island division of information technology, or designee; the director of the Rhode Island emergency management agency, or designee; the executive director of the Rhode Island League of Cities and Towns, or designee; and the secretary of state, or designee.

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

(b)  The cybersecurity incident response group shall:

(1)  Establish communication protocols in the event of a breach of cybersecurity in any agency or public body. The protocols shall include, but not be limited to:

(i)  A list of potential cybersecurity breaches that would require reporting;

(ii)  State and local entities covered within the communication plan;

(iii)  Mechanisms to communicate a cybersecurity breach in a timely manner to members of the public and other relevant parties who may be affected by the breach; and

(iv)  Primary contact at each agency or public body.

(c)  The cybersecurity incident response group shall also establish long-term policy planning and goals for the state and municipalities regarding evolving cybersecurity threats and how to address them in a coordinated manner.

(d)  The cybersecurity incident response group shall be subject to chapter 46 of this title (open meetings) and chapter 2 of Title 38 (access to public records).

History of Section.
P.L. 2022, ch. 59, § 3, effective June 15, 2022; P.L. 2022, ch. 60, § 3, effective June 15, 2022.