GA House Bill 156
Cyber Incident Reporting
On March 25, 2021, Governor Brian Kemp signed Georgia House Bill (HB) 156 into law. HB 156 facilitates the sharing of information related to cyberattacks on state government entities. Additionally, a reporting mandate states that all governmental agencies and utilities must "report any cyberattacks to the director of emergency management and homeland security." Language from the bill's summary is below:
A bill to be entitled an act to amend titles 38 and 50 of the official code of Georgia annotated, relating to military, emergency management, and veterans affairs and state government, respectively, so as to facilitate the sharing of information and reporting of cyberattacks; to require governmental agencies and utilities to report any cyberattacks to the director of emergency management and homeland security; to provide for definitions; to provide for the director to promulgate certain rules and regulations; to provide for proceedings related to cybersecurity to be held in executive session; to provide for certain information, data, and reports related to cybersecurity and cyberattacks to be exempt from public disclosure and inspection; to provide for related matters; to provide for an effective date; to repeal conflicting laws; and for other purposes.
A PDF version of the bill is below:
How to report cyberattacks
All cyber incidents, including incidents and data breaches impacting on-premises or cloud architecture and third party managed applications, categorized as severity 1, critical business high impact (no availability), or severity 2, critical business medium impact (some, not all, critical systems are available), must be reported within one hour
For state government entities
Any executive, judicial, or legislative branch entity and any department, agency, board, bureau, office, commission, public corporation, and authority thereof should report incidents to the state of Georgia service desk at 1 (877) 482-3233.
For local government entities
Every county, municipal corporation, school district, or other political subdivision of the state should contact their local emergency management agency (EMA).