Nevada casinos must protect customers, employees and the casinos themselves from computer cyberattacks after the Nevada Gaming Commission unanimously approved a rule amendment on Thursday.
A revised rule, effective Jan. 1, will allow more than 400 unrestricted casino operators in the state to develop risk assessment plans that must be updated at least annually to report cyberattacks to regulators. Instruct the operator how to
Representatives from the Nevada Resorts Association and the Association of Gaming Equipment Manufacturers attended Thursday’s meeting and did not contest the new rules, which were heard in the fall.
Most major casinos have enough security built into their data systems to prevent data breaches, but resorts can become targets for hackers and cyber thieves.
The former Hard Rock Hotel (now Virgin Hotels Las Vegas) reported a data breach in 2015 and ordered customers to review their credit card statements for seven months from September 3, 2014 to April 2, 2015. warned.
The regulation gives casino operators and sportsbook licensed operators a wide range of latitude on how to protect themselves, requiring them to develop “cybersecurity best practices they deem appropriate.” says that there is
After conducting an initial risk assessment, each Licensee shall “continue to monitor and assess cybersecurity risks to its business operations and revise its cybersecurity best practices and risk assessments as deemed appropriate. ”
Licensee must notify the Nevada Gaming Control Board within 72 hours of any cyber-attack leading to a data breach. They should describe the root cause of the cyberattack, the scope of the attack, and the actions taken or planned to prevent similar events from occurring.
Virginia Valentine, president of the Nevada Resorts Association, said she and some of the association’s members had attended previous public meetings that included discussions of the proposed rules, and their comments at those meetings were based on the revised rules. was incorporated into
She said she had no further comments on the proposed amendment.
Daron Dorsey, executive director of the Gaming Equipment Manufacturers Association, did not address the committee. Most of the suggestions were clarifications of the prescribed policy.