NC S394

Establishes the Legislative Cybersecurity Committee (LCC) consisting of 12 members: 6 senators appointed by the President Pro Tempore and 6 House members appointed by the Speaker, serving two-year terms beginning in odd-numbered years.

Charges the committee with examining state agency cybersecurity practices and making recommendations to improve effectiveness of the state's cybersecurity and data loss prevention measures, including monitoring IT security incidents, reviewing budget compliance, and identifying opportunities for agency coordination.

Requires committee members to execute nondisclosure agreements upon appointment; willful or intentional disclosure of covered information constitutes a Class I felony, and disclosure grounds removal from the committee.

Permits the committee to conduct closed sessions when discussing sensitive cybersecurity information, security incidents, prevention measures, and budgetary items; all records from closed sessions are subject to nondisclosure provisions and are not public records.

Requires the State Chief Information Officer to report to the committee at least quarterly on cyber attacks, data breaches, quantifiable losses, cybersecurity issues, prevention steps taken, and legislative recommendations.