COMMONWEALTH OF VIRGINIA
Richmond, VA 23225
(804) 510-7300TDD VOICE -TEL. NO. 711
Lindsay LeGrand, APR
Director of Communications
804-801-8310
lindsay.legrand@vita.virginia.gov
For immediate release
New information technology and cybersecurity legislation goes into effect in Virginia on July 1, 2022
Starting today, July 1, 2022, new state laws take effect that impact information technology (IT) and cybersecurity in the Commonwealth of Virginia. The first piece of legislation expands the requirements for public bodies when it comes to reporting cybersecurity incidents. As of July 1, every state and local public body must report to the Virginia Fusion Intelligence Center all incidents that:
- Threaten the security of the Commonwealth’s data or communications;
- Result in exposure of data protected by federal or state laws; or
- Compromise the security of the public entity or agency’s IT systems with the potential to cause major disruption to normal activities.
These reports must be made within 24 hours of discovering an incident.
Additionally, the legislation requires the Chief Information Officer (CIO) of the Commonwealth to convene a workgroup of state and local stakeholders. The workgroup, which started meeting in May, is reviewing current cybersecurity reporting and information-sharing practices and will make recommendations on best practices regarding such reports.
“Cybersecurity is a priority of critical importance for the Commonwealth of Virginia, as is focused coordination of government of all levels and entities,” said Deputy Secretary of Cybersecurity of the Commonwealth Aliscia Andrews. “The implementation of this legislation provides a golden opportunity for us to connect, learn about our collective strengths and be ready to respond.”
“Last year, we reported over 66 million cyberattack attempts on our systems in the Commonwealth. That’s a rate of 2.12 attacks every second,” said CIO of the Commonwealth Robert Osmond. “When we see the intensity and sophistication with which cyber attackers are carrying out these threats, we know that we need every resource available to strengthen our cybersecurity infrastructure. VITA looks forward to collaborating with our partners to help keep all our systems, ways of conducting business and, ultimately, our services and our people, safe.”
The second piece of legislation transforms the Information Technology Advisory Council (ITAC) into a body with members from the private sector as well as legislators, increases the number of council members, and adds cybersecurity to the ITAC’s advisory area. Member appointments to the new ITAC should be completed soon, and the council is expected to begin meeting later this year.
For more information about VITA and its mission, visit VITA's website.
###
About the Virginia Information Technologies Agency (VITA)
VITA is the commonwealth's consolidated technology services and solutions provider responsible for the operation of the state's technology infrastructure, governance, security and oversight of major IT projects, and procurement of technology-related goods and services on behalf of state and local governments. www.vita.virginia.gov
AN EQUAL OPPORTUNITY EMPLOYER