The state’s casinos will be required to protect their customers, employees and themselves against computer cyberattacks, following the unanimous approval of an amendment to regulations by the Nevada Gaming Commission Thursday.
The amended regulation, which takes effect Jan. 1, gives the state’s more than 400 nonrestricted casino operators a year to develop risk assessment plans that will have to be updated at least annually and directs operators on how they must report any cyberattacks to regulators.
Representatives of the Nevada Resorts Association and the Association of Gaming Equipment Manufacturers attended Thursday’s meeting and voiced no objections to the new regulation, which had public hearings in the fall.
Most major casinos have ample security built into their data systems to prevent data breaches, but resorts are occasional targets of hackers and cyberthieves.
The former Hard Rock Hotel, now Virgin Hotels Las Vegas, reported a data breach in 2015 and alerted customers to check their credit card statements for a seven-month period from Sept. 3, 2014 to April 2, 2015.
The regulation gives broad latitude to how casino operators as well as licensed operators of sportsbooks protect themselves, saying they must develop “the cybersecurity best practices it deems appropriate.”
After performing an initial risk assessment, each licensee “shall continue to monitor and evaluate cybersecurity risks to its business operation on an ongoing basis and shall modify its cybersecurity best practices and risk assessments as it deems appropriate.”
If there’s a cyberattack that results in a data breach, licensees will be required to notify the Nevada Gaming Control Board within 72 hours. They’ll be required to explain the root cause of the cyberattack, the extent of the attack and any actions taken or planned to be taken to prevent similar events from occurring.
Virginia Valentine, president of the Nevada Resorts Association, said she and several of the association’s membership attended previous public meetings involving discussions of the proposed regulations and their comments at those meetings were incorporated into the amended regulation.
She said she had no further comment on the amendment.
Daron Dorsey, executive director of the Association of Gaming Equipment Manufacturers, did not address the commission, but his organization sent a Nov. 21 letter to the commission outlining eight suggested revisions to the regulation that were incorporated into the final document. Most of the suggestions were clarifications to stated policies.
Shelley Berkley licensed
A former Nevada congresswoman received a restricted gaming license Thursday to operate five slot machines at a restaurant.
Shelley Berkley, who served as a member of the U.S. House of Representatives from Nevada’s 1st District from 1999 through 2013 and was an unsuccessful candidate for Senate in 2012, won unanimous approval for a gaming license at L2 Texas BBQ on East Warm Springs Road in Las Vegas.
Berkley and her husband, Lawrence Lehrner, are both 49 percent owners of Texas Meltz LLC, which operates the restaurants. They both were licensed as board members and managers.
Commissioners congratulated her and thanked her for her political contributions and said the couple had spotless background checks.
The Nevada Gaming Control Board required Berkley to complete a regulatory compliance seminar for restricted licensees — which, she told commissioners, she already completed.