Senate Bill No. 175–Committee on Government Affairs
(On
Behalf of the Department of
Information Technology)
February 20, 2003
____________
Referred to Committee on Government Affairs
SUMMARY—Makes various changes with respect to security of State of Nevada. (BDR 18‑536)
FISCAL NOTE: Effect on Local Government: No.
Effect on the State: No.
~
EXPLANATION
– Matter in bolded italics is new; matter
between brackets [omitted material] is material to be omitted.
Green numbers along left margin indicate location on the printed bill (e.g., 5-15 indicates page 5, line 15).
AN ACT relating to public safety; authorizing the Governor to create an Advisory Committee on Nevada Homeland Security; requiring the Director of the Department of Information Technology to determine the confidentiality of certain records relating to the security of the State; requiring the Governor to prepare an annual report relating to the Advisory Committee and the records determined by the Director to be confidential; and providing other matters properly relating thereto.
THE PEOPLE OF THE STATE OF NEVADA, REPRESENTED IN
SENATE AND ASSEMBLY, DO ENACT AS FOLLOWS:
1-1 Section 1. Chapter 223 of NRS is hereby amended by adding
1-2 thereto the provisions set forth as sections 2 and 3 of this act.
1-3 Sec. 2. 1. The Governor may appoint an Advisory
1-4 Committee on Nevada Homeland Security.
1-5 2. If the Governor appoints such a committee:
1-6 (a) The Governor shall appoint to the Advisory Committee a
1-7 number of members that he determines to be appropriate, except
1-8 that the Advisory Committee must include at least one member
1-9 who is not employed in the field of law enforcement and is not
1-10 otherwise affiliated with the field of law enforcement.
2-1 (b) Notice of all meetings of the Advisory Committee must be
2-2 given in the manner required by chapter 241 of NRS and, except
2-3 as otherwise provided in this paragraph, all meetings of the
2-4 Advisory Committee must be open to the public. The Advisory
2-5 Committee may hold a closed meeting or may close a portion of a
2-6 meeting to:
2-7 (1) Receive security briefings; or
2-8 (2) Discuss matters related to:
2-9 (I) Responding to emergencies;
2-10 (II) Mitigating vulnerability to acts of terrorism; or
2-11 (III) Deficiencies in security as such deficiencies may
2-12 pertain to public services, infrastructure or facilities,
2-13 if the Advisory Committee determines that considering such
2-14 matters in an open meeting would create a substantial likelihood
2-15 of threatening the safety of the general public. The provisions of
2-16 this paragraph do not allow the Advisory Committee to hold a
2-17 closed meeting or to close a portion of a meeting for the purpose
2-18 of making decisions of a financial nature.
2-19 3. As used in this section, “act of terrorism” means any act
2-20 that involves the use or attempted use of sabotage, coercion or
2-21 violence which is intended to:
2-22 (a) Cause great bodily harm or death to the general
2-23 population; or
2-24 (b) Cause substantial destruction, contamination or
2-25 impairment of:
2-26 (1) Any building or infrastructure, communications,
2-27 transportation, utilities or services; or
2-28 (2) Any natural resource or the environment.
2-29 As used in this subsection, “coercion” does not include an act of
2-30 civil disobedience.
2-31 Sec. 3. 1. On or before February 15 of each year, the
2-32 Governor shall:
2-33 (a) Prepare a report setting forth:
2-34 (1) The activities of the Advisory Committee on Nevada
2-35 Homeland Security created pursuant to section 2 of this act, if the
2-36 Governor has created such an Advisory Committee;
2-37 (2) A detailed description of any matters with respect to
2-38 which the Advisory Committee held a closed meeting or closed a
2-39 portion of a meeting, if any, accompanied by an explanation of the
2-40 reasons why the Advisory Committee determined that the meeting
2-41 or portion thereof needed to be closed; and
2-42 (3) A detailed description of each record or portion of a
2-43 record determined to be confidential pursuant to section 4 of this
2-44 act, if any, accompanied by an explanation of why each such
3-1 record or portion of a record was determined to be confidential;
3-2 and
3-3 (b) Submit a copy of the report to the Director of the
3-4 Legislative Counsel Bureau for transmittal to:
3-5 (1) If the Legislature is in session, the standing committees
3-6 of the Legislature which have jurisdiction of the subject matter; or
3-7 (2) If the Legislature is not in session, the Legislative
3-8 Commission.
3-9 2. A report prepared or submitted pursuant to subsection 1
3-10 and the contents of any such report are confidential and not
3-11 subject to inspection by the general public.
3-12 Sec. 4. Chapter 242 of NRS is hereby amended by adding
3-13 thereto a new section to read as follows:
3-14 1. Except as otherwise provided in subsection 3, records and
3-15 portions of records that are assembled, maintained, overseen or
3-16 prepared by the Department to mitigate, prevent or respond to acts
3-17 of terrorism, the public disclosure of which would, in the
3-18 determination of the Director, create a substantial likelihood of
3-19 threatening the safety of the general public are confidential and
3-20 not subject to inspection by the general public to the extent that
3-21 such records and portions of records consist of or include:
3-22 (a) Information regarding the infrastructure and security of
3-23 information systems, including, without limitation:
3-24 (1) Access codes, passwords and programs used to ensure
3-25 the security of an information system;
3-26 (2) Access codes used to ensure the security of software
3-27 applications;
3-28 (3) Procedures and processes used to ensure the security of
3-29 an information system; and
3-30 (4) Plans used to reestablish security and service with
3-31 respect to an information system after security has been breached
3-32 or service has been interrupted.
3-33 (b) Assessments and plans that relate specifically and uniquely
3-34 to the vulnerability of an information system or to the measures
3-35 which will be taken to respond to such vulnerability, including,
3-36 without limitation, any compiled underlying data necessary to
3-37 prepare such assessments and plans.
3-38 (c) The results of tests of the security of an information system,
3-39 insofar as those results reveal specific vulnerabilities relative to
3-40 the information system.
3-41 2. The Director shall maintain or cause to be maintained a
3-42 list of each record or portion of a record that the Director has
3-43 determined to be confidential pursuant to subsection 1. The list
3-44 described in this subsection must be prepared and maintained so
4-1 as to recognize the existence of each such record or portion of a
4-2 record without revealing the contents thereof.
4-3 3. At least once each biennium, the Director shall review the
4-4 list described in subsection 2 and shall, with respect to each record
4-5 or portion of a record that the Director has determined to be
4-6 confidential pursuant to subsection 1:
4-7 (a) Determine that the record or portion of a record remains
4-8 confidential in accordance with the criteria set forth in
4-9 subsection 1;
4-10 (b) Determine that the record or portion of a record is no
4-11 longer confidential in accordance with the criteria set forth in
4-12 subsection 1; or
4-13 (c) If the Director determines that the record or portion of a
4-14 record is obsolete, cause the record or portion of a record to be
4-15 disposed of in the manner described in NRS 239.073 to 239.125,
4-16 inclusive.
4-17 4. As used in this section, “act of terrorism” has the meaning
4-18 ascribed to it in section 2 of this act.
4-19 Sec. 5. This act becomes effective upon passage and approval.
4-20 H