(The Center Square) - Nevada legislators passed a sweeping bill, which took effect Nov. 18, to prevent the next state cyberattack. Experts recently explain what the bill means for Nevada’s future online safety.

After the 2025 cyberattack, the Legislature passed Assembly Bill 1 during last fall's special session to expand the state’s cybersecurity efforts. It includes plans to expand the cybersecurity workforce and centralize the state’s online defenses.

“Cybersecurity is always a war between the attacks and defenders – all this effort is just raising the bar,” Yoohwan Kim, told The Center Square. “It's never perfect, but it's a good approach. If we don't raise the bar, there will be more attacks, so we make it more difficult to attack us.”

With AB1, the thinking is, Nevada will elevate itself to the next level in cybersecurity. A handful of other U.S. states have introduced similar measures in recent years, many in an effort to centralize cyber defenses and thwart attacks more quickly.

The attackers from 2025 have never been publicly identified by the Nevada state government, but experts from the University of Nevada, Las Vegas, said it was unlikely to have been a targeted attack.

“It could be just low hanging fruit, [where] they send out the attack everywhere, whoever it catches will become the victim,” said Kim.

“They didn't care [who they attacked], as long as they can grab some value from the data - like a social security number or a bank account, they don't care," Kim added later.

The Nevada state government first found the cyberattack in August, but it likely began in May with an accidental ransomware download by a state employee, as per the state.

“In most data breaches, the average case takes 180 days to even notice that there is a data breach in the system,” UNLV computer science Professor Ju-Yeon Jo told The Center Square.

Nevada’s 2025 hack, by comparison, was sniffed out in less than 90 days.

While the attack was widespread, much of the immediate impact did not come directly from the attackers, but from how the Nevada government handled the hack. The weeks-long closure of the DMV website and some of the department’s functions, for example, was ordered by the state in an effort to root out the issue.

“ From the very beginning, I have been clear our top priority is restoring services that Nevadans depend on every day. That has not changed,” Gov. Joe Lombardo said in a news conference during the cyberattack.

“This kind of recovery is never easy," the Republican governor said. "It requires patience, precision and constant vigilance. But I want Nevadans to know we are making real headway, and every day brings us closer to full restoration.”

The UNLV experts said that despite the weeks-long process to return state services, they thought Nevada did a good job responding to the attack.

“If you're flying and there’s a problem in the engine of the plane, would you rather land at the nearest airport and have the mechanic come and fix it?” said Greg Moody, director of cybersecurity programs at the UNLV.

“Or do you rather say, ‘Hey, there's a mechanic on the plane, let's strap 'em onto the wing of the plane and have them fix it while we're still flying?” Moody told The Center Square.

“The safest way to stop the issue was to do a full system check,” added Moody. “The best way to make sure that stops happening is to just cut off all access.”

Legislators say local attacks, which the UNLV experts said happen all the time, would be dealt with more systematically under AB1’s proposed changes. Currently, data across Nevada cities, counties and the state are kept separate from each other and managed by their different agencies. Cyber threats are also reported locally, which the state is looking to change with the Security Operations Center.

The SOC would be a center to run various local and state data through to be combed for potential threats.

“If they're getting weird signals or information that someone's trying to engage in an attack against them, rather than informally sharing it through networks, discords, emails or phone calls, we'd have a formalized process where they can share such data,” said Moody. “Then they would alert other agencies saying, ‘Someone's running this attack against me, they might run it against you’, so it makes for a better response.”

AB1 also outlined plans to create a Cybersecurity Talent Pipeline Program to train future cybersecurity workers in the state and build out the workforce to fight future attacks. The UNLV experts said it was still unclear how the state would employ this program. They added that they were working with the government to encourage training for applied knowledge beyond textbooks.

“We provide some student manpower that can be mentored by some of the state workers so they can start working in cyber during their pathway,” said Moody. “Much like you have a medical student who works in a hospital before they finish their medical program.”

The UNLV experts did not say when Nevadans would likely first see AB1 in action, stressing that some of the processes could take a while to get under way.

One element of cybersecurity that is already well underway is the use of artificial intelligence. AI has become synonymous with cybersecurity, according to the UNLV experts.

“It's already happening, AI tools are used by hackers, but also the defenders,” said Jo. “We already use AI tools and then those tools save a lot of money, like a few million dollars per data breach case.”

Unlike many other university departments, UNLV computer science already offers around 10 AI and machine learning courses.

“We love AI,” said Moody.

Nevada’s statewide cybersecurity in 2025 was the biggest in the state’s history and could have compromised data for millions of residents. Fortunately, the state said, the issue was fully contained. But the UNLV experts warned next time could come with much more serious consequences – from altered voting data to mass credit card data theft.

“It was an unwelcome incident, but it creates some cultures, and it is a kind of a warning sign for a lot worse cases,” said Jo.