New York Governor Kathy Hochul has announced a comprehensive cybersecurity strategy aimed at safeguarding the state’s digital and critical infrastructure. With an allocation of $600 million, this initiative is considered New York’s first-ever statewide cybersecurity strategy and is designed to set ambitious goals for cybersecurity and resilience.
The strategy, outlined in a summary document, aims to centralize cybersecurity services across the state and provide access to information tools and services. Additionally, it establishes a framework for partnerships with the public sector and nonprofit organizations in order to enhance collaboration and cooperation in the field of cybersecurity.
Governor Hochul, who assumed office in August 2021 following the resignation of her predecessor Andrew Cuomo, has been prioritizing the improvement of New York’s cybersecurity and resilience posture since the beginning of her administration. She cited last year’s ransomware attack on Suffolk County’s government, which resulted in critical services being disrupted for months, as a motivation to take strong action.
In a briefing held at NYU Tatum School of Engineering, Governor Hochul emphasized the alarming increase in cybercrime targeting the US and New York’s critical industrial and financial infrastructure. She stressed the importance of collaboration with the federal government and providing assistance to counties and local governments in order to effectively tackle cybersecurity threats.
One of the key steps taken by Governor Hochul was the appointment of Colin Ahern as New York State’s first chief cyber officer. Ahern, who previously served as New York City’s acting CISO, has been instrumental in developing the state’s cybersecurity strategy. His experience in creating the city’s Cyber Defense Agency and establishing a cloud-based Zero Trust security environment has been recognized as valuable expertise for leading New York State’s cybersecurity efforts.
Governor Hochul praised Ahern as one of the most brilliant individuals in the field of cybersecurity, highlighting her own familiarity with the implications of cyber threats and attacks during her time in Congress. She acknowledged that cyberattacks have become even more prevalent over the past decade, making robust cybersecurity measures essential.
The development of New York’s cybersecurity strategy involved collaboration with the federal government, particularly with Jake Braun, a senior advisor at the Department of Homeland Security. Braun, who attended the unveiling of Governor Hochul’s strategy, commended the state’s commitment to allocating unprecedented resources to improve IT and operational technology (OT) systems. He also noted the expansion of public-private partnerships to enhance resilience in the event of an attack.
The cybersecurity strategy includes various components aimed at enhancing New York’s cybersecurity posture. One such component is the formation of an Industrial Control System Cyber Assessment team within New York State’s Cyber Incident Response Team at the Division of Homeland Security and Emergency Services. Furthermore, a Joint Security Operations Center was established in New York City to strengthen cybersecurity collaboration among different stakeholders.
Legislation was passed in 2022 to create a cybersecurity protection framework for the state’s energy grid, requiring electric distribution utilities to incorporate cyberattack preparedness into their emergency response plans. This legislation also empowers the New York Public Service Commission (PSC) with broader auditing powers over these utilities.
The state budget for the fiscal year 2024 includes substantial funding to improve New York’s healthcare IT and cybersecurity infrastructure, particularly through the Department of Health Care technology capital grant programs. Furthermore, Governor Hochul has significantly increased the state’s centralized security budget to $90 million, reflecting the urgency and importance of cybersecurity measures.
The budget also includes expanded funding for the state’s shared services program, which aims to provide cybersecurity services for county and local governments. Additionally, funds have been allocated to enhance the capabilities of the New York State Police’s Cyber Analysis Unit, Computer Crimes Unit, and Internet Crimes Against Children Center.
Governor Kathy Hochul’s comprehensive cybersecurity strategy reflects the state’s commitment to protecting its digital and critical infrastructure from cyber threats. By prioritizing collaboration, investing in resources, and establishing strong partnerships, New York aims to strengthen its cybersecurity defenses and ensure the resilience of its systems and services.