Measure is latest bid by state to fend off growing threats

New Hampshire will soon have a better idea of the cybersecurity threats facing its municipalities and the state, after Gov. Chris Sununu signed a law to mandate immediate reporting by all municipalities of cybersecurity attacks.

House Bill 1277 mandates towns and cities to report all occurrences of cybersecurity attacks to the state Department of Information Technology as soon as they occur. Advocates say the sooner the crimes are reported, the easier the state can mitigate the threat of these to the state and help municipalities navigate damage to their electronic systems.

Cybersecurity threats and malware attacks have grown increasingly sophisticated and hard to identify. While all state employees are mandated to take cybersecurity training, without federal funding, municipal employees can’t access the same instruction, Denis Goulet, commissioner of the New Hampshire Department of Information Technology, said last year.

The department has already devoted a section of its website to cybersecurity literacy, which includes a link to report cybersecurity incidents with the New Hampshire Information and Analysis Center.

It is unclear if it would set up a new reporting system based off of the new law.

Between 2020 and 2021, the number of reported cybersecurity incidents nearly doubled, Goulet told lawmakers in March. In August 2021, Peterborough received national attention for being the subject of two separate cybersecurity attacks that stole $2.3 million dollars of town funds.

New Hampshire municipalities have been dealing with increasing cybersecurity threats for the past two years, with increases since the beginning of the Russo-Ukrainian War.

Sponsored by Rep. Peter Somssich, a Portsmouth Democrat, the bill was adopted by the House and Senate with unanimous voice votes. — TALIA HEISEY/NEW HAMPSHIRE BULLETIN