Nevada regulator eyes strengthened cybersecurity standards
NGCB issues amendment to existing Silver State regulations as DDoS and other attacks increase
The Nevada Gaming Control Board (NGCB) has called on licensed operators to take all appropriate steps to protect themselves from cyberattacks, deeming them a “critical” threat in the Silver State.
The comments come after the regulator, which primarily works to protect the stability of the Nevada market through licensing, regulation, investigation, and enforcement, held a workshop on proposed amendments to existing laws increasing the demands on operators.
The object of the workshop was to draft an amendment to regulation 5, which governs the operation of all gaming establishments in Nevada.
The aim of the amendment, as defined by the NGCB, is to stress the importance of taking “necessary steps” to protect operator systems from cyberattacks by making those steps a requirement of legislation.
Under the amendment, operators would be required to perform annual risk assessments to determine what best practices are necessary to mitigate the risk of cyberattacks and impose these standards across their respective businesses.
Operators would also be required to review and verify compliance with regulation as well as maintain all records for five years and make them available to NGCB upon request.
So-called ‘covered entities’ (operators) must also annually attest to the performance of their respective risk assessments, and take additional requisite actions should that assessment not be in compliance with state laws.
Regulation 5 would also require licensees to inform the NGCB of any cyberattack on their information systems within 72 hours.
If approved, the changes would become effective for all Nevada-licensed operators by January 1, 2023.
Entities responding to the proposals as part of the workshop meeting included IGT, Boyd Gaming and local casino operator, South Point Casino.
The NGCB has committed to holding another workshop meeting on October 20 to further the passage of these changes.
This comes amid an increase in cyberattacks across both the land-based and online sector, with PokerStars the most recent online operator targeted by hackers.