Protecting New York’s Critical Infrastructure
Cybersecurity is paramount to the Governor’s commitment to the safety and security of all New Yorkers, as well as Mayor Adams’ commitment to New York City. In 2021 there were 85 cyber-attacks in New York alone. Protection of our infrastructure and cybersecurity is critical, given the proliferation of technology in all aspects of our lives, the constant and unrelenting attacks from bad actors, and increasing threats from Russia and other foreign actors. Recent storms leading to flooding in subways and cyber security issues potentially resulting from the war in Ukraine have shown us how fragile New York’s infrastructure is. In today’s globally interconnected world, and as we work to build a Smart City, everyone plays a role in protecting New Yorkers against the threat of cyber-attacks.
The Danger of Cyber-Attacks for New York
New York’s leadership in finance, energy, transportation, healthcare, and other critical industries makes the State an attractive target for cyber-attacks that can disrupt operations, including critical infrastructure and services to citizens. While government entities across the State have historically taken an independent approach to cyber defense and protecting the safety of their technology assets, acting alone is no longer an option. As the frequency and sophistication of cyber-attacks have grown, so too needs a “whole of government” approach. The interconnected nature of the state’s networks and IT systems means that attacks can quickly spread across the state. Many government entities often do not have the funding or resources necessary to protect their systems, some of which provide critical services such as social safety-net services, healthcare, law enforcement, emergency management, and water treatment.
Threats and Public Safety
These threats are an issue of public safety. The State’s critical infrastructure provides the essential services that underpin society. If a hospital, water system, or energy grid is compromised or rendered inoperable, the implications would be profound. When critical services like transportation, healthcare, and social safety-net programs and governmental offices can’t function, it affects the economy and our way of life in a real way. When emergency systems, in particular, are attacked, the risk to people in crisis is immediate and severe.
Even before Mayor Adams took office, former Mayor di Blasio advised him, “Your real crisis will be cyber security; it will disrupt our way of life”.
Governor Kathy Hochul’s Investment in Cybersecurity Infrastructure – the JSOC
Governor Hochul dedicated an unprecedented $61.9 million investment in New York State’s cybersecurity infrastructure as part of the State’s FY23 budget, doubling the previous investment. She also announced the creation of a Joint Security Operations Center (JSOC) in Brooklyn which will serve as a first-of-its-kind hub for data and cyber coordination for joint local, state, and federal cyber efforts, including data collection, response efforts, and information sharing. This is a partnership launched with mayors and cyber leaders across the state, including Mayor Adams.
The JSOC is the nation’s first-of-its-kind cyber command center that will provide a statewide view of the cyber-threat landscape and improve coordination on threat intelligence and incident response. As part of this proposal, the Governor is also proposing a $30 million “shared services” program to help localities bolster cyber defenses statewide. Proactive cybersecurity incident response and recovery planning will help mitigate risk and ensure a unified response when an incident happens.
Mayor Eric Adams: “New York City is a Prime Target”
New York City Mayor Eric Adams has said, “New York City is a prime target for those who want to attack our cyber infrastructure to cause destruction. While New York City Cyber Command is already a national model for impeding these threats, it’s time our cybersecurity moved to the next level. We know that when it comes to cyber-attacks, the difference between a minor disruption and a catastrophe can be a matter of minutes. That is why the new Joint Security Operations Center will take an integrated and holistic approach to harden our cyber defenses across the state. I thank Governor Hochul and our fellow mayors for their partnership and look forward to working with them to confront this common threat.”
Gov. Kathy Hochul: “We must now transform how we approach cybersecurity”
“There is a new type of emerging risk that threatens our daily lives, and just as we improved our physical security infrastructure in the aftermath of 9/11, we must now transform how we approach cybersecurity with that same rigor and seriousness,” Governor Hochul has said. “I’m proud to announce this dynamic and innovative partnership to establish the Joint Security Operations Center in collaboration with New York City, our upstate cities, and government and business leaders across the state. Cybersecurity has been a priority for my administration since Day 1, and this command center will strengthen our ability to protect New York’s institutions, infrastructure, our citizens, and public safety.”
NYC’s Chief Technology Officer: Matt Fraser
Matt Fraser is Chief Technology Officer for New York City and will coordinate activities of the JSOC. He plans to build our universal broadband access and flexible, extensible, reliable computing resources, including cloud services.
No other state has brought together cybersecurity teams in a shared command space at this scale including federal, state, city, and county governments, critical businesses, and utilities, and state entities like the Division of Homeland Security and Emergency Services, Office of Information Technology Services, New York State Police, MTA, Port Authority of New York and New Jersey, the New York Power Authority, among others.
The JSOC
The JSOC, headquartered in Brooklyn and staffed by both physical and virtual participants from across the state, will improve defenses by allowing cyber teams to have a centralized viewpoint of threat data. This will yield better collaboration on threat intelligence, reduction in response time, and quicker remediation in the event of a major cyber incident. It will help participating entities respond to potential issues and elevate systemic trends that may have otherwise gone undetected. This approach leverages all the cyber defense assets at the state, city, local, and authority levels under one umbrella.
New York State will collaborate with city and regional leaders on cyber training and exercises as the JSOC becomes operational over the coming months. The Governor and her team will continue ongoing conversations with the White House and federal partners to ensure coordination. The JSOC will expand its services beyond what Cyber Command did, which was primarily an advisory service that did an audit, exposed weaknesses, and issues, but relied on the agency to resolve them. The JSOC will have the budget and expertise to help the agencies prevent and resolve any issue.
These investments help ensure that if one part of the network is attacked, the State can isolate and protect the rest of the system.
“Shared Services” Program
As part of this proposal, the Governor is also proposing a $30 million “shared services” program to help local governments and other regional partners acquire and deploy high-quality cybersecurity services to bolster their cyber defenses. The interconnected nature of the state’s networks and IT programs means that attacks can quickly spread across the state. Many government entities often do not have the funding or resources necessary to protect their systems, some of which provide critical services like healthcare, law enforcement, emergency management, water treatment, and unemployment insurance, to name a few.
Capalino’s Technology Group
There is a growing interest in making NYC more connected—from operational technology to make buildings more energy-efficient, to the build-out of renewal energy sources and electrification of our streets to accommodate electric vehicles for transportation. We must continue to invest in creating a more advanced, secure, and resilient infrastructure while continuing to offer workforce development and employment opportunities for all New Yorkers.
Critical infrastructure requires an operational technology cyber strategy, not just an IT cyber strategy. Capalino’s technology group is at the forefront of these initiatives helping technology companies grow and helping to build the City’s infrastructure. We work with technology companies that want to expand in New York, navigating the political and business landscape to help them enter the marketplace and drive long-term sustainable growth.
To learn more about how Capalino can help you get things done in New York, contact Michael O’Boyle at michael@nullcapalino.com or 646.285.2296.