Citizen Portal
Sign In

Nevada officials outline recovery from statewide cyber incident and plans for beefed-up defenses

5960224 · October 17, 2025

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

State IT leaders told the Interim Finance Committee on Oct. 16 that the executive branch contained a major cybersecurity incident, are finishing an after-action review and will seek recurring and one-time investments to build a statewide security operations capability and improve policies, tooling and staffing.

Nevada’s chief information officers and security leaders briefed the Interim Finance Committee on Oct. 16 about a recent cybersecurity incident that affected executive-branch systems and prompted a broad recovery effort. The Office of Information Security and Cyber Defense (OISCD), Governor’s Technology Office and affiliated state IT teams said the incident was detected early, contained and triaged; details remain under a privileged investigation while a public after-action report is prepared.

State CIO Timothy Galuzzi and OISCD deputy Adam Miller described technical and policy work already under way: restoring services, using cyber liability insurance to cover direct costs, procuring vendor incident-response help, and standing up a two-month “hypercare” support window after the next enterprise system go‑live. Galuzzi said the state maintains approximately $7 million in cyber insurance for the incident’s direct expenses and that costs to date appear within that coverage.

Committee members asked about statewide security maturity and whether a dedicated statewide Security Operations Center (SOC) or long-range investment would have prevented the incident; IT leaders said more resources help but cannot guarantee prevention, and outlined a phased approach that combines federal grant opportunities, state funding requests and tighter coordination across agencies. OISCD also reported a short-term funded work program (approved earlier by the committee) to add staff support and to contract for a top‑down review of policies, incident response and governance.

Officials said an after-action review is being prepared with the intent to publish what can be shared publicly; some sensitive material will remain confidential while law‑enforcement and forensic activities continue. The committee pressed for regular updates and clearer timelines for follow-up funding requests. State IT leaders committed to return to IFC with progress reports and to coordinate any proposed budget items with the Governor’s Finance Office and LCB.