New law aims to help fight cyberattacks

Indianapolis (July 1, 2021) ­‑ During the recently concluded Indiana General Assembly, legislators unanimously passed HEA 1169, a law that goes into effect today, which requires all political subdivisions and state agencies to report cybersecurity incidents to the Indiana Office of Technology (IOT).

“Citizen and business data is at risk due to cybercriminals and constant cyberattacks. The level and number of attacks is increasing in the public sector at an alarming rate,” said Indiana Chief Information Officer Tracy Barnes. “This law allows IOT to track the attacks, but most importantly share information across government in Indiana for increased awareness and protection. While this will not stop attacks, it will give us understanding to the types of attacks that are being made. That, in turn, will give us the ability to go on the offense and proactively warn others and to recommend precautions.”

Under the law, only the most severe types of attacks must be reported, including:

• Ransomware
• Business Email Compromise
• Vulnerability Exploitation
• Zero-day exploitation
• Distributed Denial of Service
• Website defacement

Definitions of these are available at https://www.in.gov/cybersecurity/in-isac/cyber-incident-reporting-law/.

More information, including how to report cybersecurity incidents is available at https://on.in.gov/1169