New York Gov. Kathy Hochul unveiled the state’s first cybersecurity strategy Wednesday, which will serve as a blueprint for how various public and private stakeholders will work in tandem to protect critical infrastructure and the personal data of statewide residents from malicious attacks and data breaches.
New York state is considered by many to be the most important economic center in the U.S., serving as the financial center for investment and banking and a major transportation hub for air transportation and international trade.
It's a big target subject to big losses. FBI data shows more than 25,000 New Yorkers were victims of cybercrime last year, which resulted in $777 million in losses.
Just as the state was a major target for international terrorism in the past, officials said, New York has become a leading target for malicious activity from nation state threat actors and criminal hackers.
“Our interconnected world demands an interconnected defense leveraging every resource available,” Hochul said in a statement. “The strategy sets forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyberthreats."
The New York State cybersecurity strategy is based on five strategic pillars:
- Operate New York state networks securely and resiliently
- Collaborate with key stakeholders
- Regulate critical industries
- Communicate cybersecurity advice and guidance
- Grow New York’s cybersecurity workforce and economy
New York state has been increasingly focused on taking command of its own cybersecurity priorities, as the state is so heavily dependent on an interconnected grid.
Chief Cyber Officer Colin Ahern addressed the ongoing threat to critical infrastructure last month during a keynote address at the Protecting New York Summit in Lower Manhattan. He noted that collaboration with the private sector is important because most of the critical infrastructure in the state is actually privately owned and not controlled by the government.
New York began setting the foundation for its cybersecurity strategy last year with a string of announcements. In February last year, it unveiled a Joint Security Operations Center in Brooklyn, designed to coordinate cybersecurity incident response with critical infrastructure providers and various city agencies across the state.
Then last June, the state named Ahern as the state’s first chief cyber officer. As part of his new role, Ahern leads the JSOC to coordinate statewide cybersecurity response.
Hochul also allocated $30 million in shared services funding to help local governments strengthen their systems from attack in July of 2022. As part of that funding, county governments and the initial JSOC partners, Albany, Buffalo, Rochester, Syracuse and Yonkers, were provided endpoint detection and response protection from CrowdStrike at no cost.
In January, Hochul announced the state would spend an additional $35.2 million on cybersecurity, on top of an existing $61.9 million in the fiscal 2023 budget. The state announced plans to develop a specialized industrial control system assessment team to help protect manufacturing and critical infrastructure from attacks.
During her presentation Wednesday, Hochul recalled the impact of a 2022 cyberattack on Suffolk County in Septemer 2022, when hackers gained access to the personal data of hundreds of thousands thousands of residents and tens of thousands of former and current employees.
Fitch Ratings noted the attack highlighted the risks to local communities as the county had no cyber insurance coverage to mitigate the financial impact of the attack.