Assembly committee hears proposal to create statewide security operations center to monitor cyber threats

Assemblymember Toby Yurek introduced Assembly Bill 432 on behalf of the executive branch, saying the bill would create a statewide Security Operations Center (SOC) under the Office of the Chief Information Officer to provide 24/7 cyber threat monitoring, coordinate incident response, and support school districts and local governments.

The bill sponsor, Assemblymember Toby Yurek, said, “Cybercrime is not some abstract threat anymore.” He described the SOC as a centralized mechanism to scale existing state cybersecurity efforts, provide a talent pipeline for students and authorize the CIO to apply for federal grant funds to stand up and sustain the center.

AB432 would: establish a SOC within the Office of the Chief Information Officer (OCIO); authorize pursuit of federal grant funding and require annual reporting; create a cybersecurity talent pipeline program with Nevada System of Higher Education partners; extend SOC services to school districts and local governments on an opt‑in basis; and add limited protections for cybersecurity incident details from public disclosure where release would increase risk.

Timothy Galluzzi, Nevada’s state chief information officer, told the committee Nevada lacks centralized cybersecurity oversight and described recent incidents in other jurisdictions as examples of the cost of fragmentation. He said his office analyzed “over 298,000,000,000 network logs” in FY24, reviewed “over 241,000 incidents” and validated “17,304” as legitimate threats, and that the SOC would scale that work statewide.

Administrator Adam Miller of the Office of Cyber Defense Coordination explained how the SOC would operate in practice and offered an analogy: “a helpful analogy too is thinking of this like a post office…They'll scan that mail…But they won't actually physically open the mail and read the letter inside,” describing SOC work as monitoring infrastructure logs rather than reading private content.

Committee members pressed for specifics across multiple areas: whether nonexecutive agencies would be required or permitted to participate (Galluzzi said executive branch agencies would be required to use the SOC while county, city and school districts would be able to opt in); whether the SOC would create a “master key” to access data (Galluzzi and Miller denied that, citing encryption and “least privilege” principles); how the state would fund and staff the SOC (presenters said initial operations could be virtual and vendor‑supported, with federal grants and a rate structure for participating agencies to sustain the program); and whether student communications or other content would be monitored (presenters said the SOC would monitor network and infrastructure logs, not the content of communications).

Local governments, higher education institutions and business groups testified in support. Clark County CIO Ashley Kennedy supported the bill and noted the opt‑in structure allows planning and budgeting. The Vegas Chamber’s director of government affairs, Nick Schneider, and representatives from the University of Nevada, Reno, UNLV and the Nevada System of Higher Education described workforce and training benefits. The city of Las Vegas and other municipal representatives also spoke in favor, citing mutual vulnerability when one jurisdiction is weaker than others.

One caller, Al Rojas, testified in opposition and said the presenters lacked a formal technical specification to define boundaries and accountability; he urged clearer product specifications and accountability mechanisms. No committee vote was recorded during the hearing.

The committee closed the AB432 hearing after public testimony and moved on to the next bill.