In perhaps the busiest week in recent memory when it comes to government outreach regarding cybersecurity, all levels of state government have now turned inward to ensure their own systems are protected. On Tuesday, Governor Kathy Hochul and New York City Mayor Eric Adams, along with various other NY lawmakers and elected officials, announced two separate cybersecurity initiatives involving City and State government.
Governor Hochul announced the creation of the Joint Security Operations Center (JSOC), a physical location in Brooklyn that will house cyber security professionals from state and local governments as well as private sector partners. This new command will increase collaboration between the public and private sectors with the goal of proactively detecting threats and mitigating the damage when attacks do occur. The Governor indicated that she hoped this model, a diverse group of industry experts working in concert with government and private business, would be a model for the rest of the country. Hochul also acknowledged the need to create a talent pool of homegrown cybersecurity professionals here in New York and pointed to the College of Emergency Preparedness, Homeland Security, and Cybersecurity at the University of Albany as a valuable resource towards accomplishing that goal.
Also, with an eye towards streamlining the City’s cyber response, Mayor Adams announced on Tuesday that he has signed Executive Order 10, establishing the New York City Cyber Command (NYC3). The Order, which is effective immediately, states “The Office of Technology and Innovation, through the Office of Cyber Command, shall direct, manage, and have authority over the City’s cyber defense, investigation, response, and policy, in coordination with the New York City Police Department and the Office of Emergency Management, as appropriate.” Traditionally, these responsibilities have been spread across multiple law enforcement and state agencies. The hope is that by centralizing that responsibility, NYC3 will be able to better detect and respond to cyber threats against public entities and the private industries that are headquartered in the City.
Here is what else we know about NYC3:
- The NYC Chief Information Technology Officer will manage the day-to-day operations and report to NYC Chief Technology Officer
- Each City agency must appoint a Cyber Command Liaison which coordinates with and is the primary contact for NYC3
- NYC3 must set information security and policy standards for other City agencies.
- NYC3 will review all citywide cyber procurements
This renewed focus on cyber security is all occurring against the backdrop of the Russian invasion of Ukraine which by many accounts, is already underway. These steps are of course a way to guard against the immediate threat of a cyber-attack crippling the city’s critical infrastructure or causing a widescale data breach however, these initiatives also aim to make the state’s cyber security more resilient in the long term.