Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

New York Governor Proposes New Cyber Security Measures

Following the Intelligence Community report blaming Russia for both the Democratic National Committee hack in 2016, and for attempting to influence the presidential election in favor of Republican Donald Trump, the Democrat Governor of New York has now introduced new cyber security proposals to his January State of the State address.

Following the Intelligence Community report blaming Russia for both the Democratic National Committee hack in 2016, and for attempting to influence the presidential election in favor of Republican Donald Trump, the Democrat Governor of New York has now introduced new cyber security proposals to his January State of the State address.

Andrew Cuomo has a troubled relationship with the state Legislature, and this is likely to continue. Rather than deliver his address directly to the Legislature as is custom, this year the governor is taking to the road to speak more directly to the people in a series of shorter addresses. 

This is seen as an attempt to bypass his Legislature problems and concentrate on popular proposals that the lawmakers will have difficulty in defeating. He is yet to put forward the associated budget proposal, and has until January 17th to do so. At that point he will need to bring the lawmakers on side; but it will be difficult for publicly elected officials to reject improved cyber security proposals in the current climate.

Cuomo’s new proposals focus on two areas: improved incident response, and increased deterrence through more severe legal punishments. “Our laws must keep pace in order to combat these increasingly sophisticated criminal acts,” Cuomo said in a statement. The proposals come partly from the state’s Cyber Security Advisory Board established by the governor in 2013.

A new cyber incident response team (CIRT) is to be established. It will be assembled from computer experts in the state Division of Homeland Security and Emergency Services, the National Guard, the state Office of Information Technology Services and other agencies. Its purpose will be to help state agencies, local government authorities, critical infrastructure and schools who suffer cyber-attacks or system breaches.

The team will provide advice on how organizations can better protect their information technology assets, critical operating systems and data from cyber-attacks, malware and ransomware. It will also provide a hotline for reporting incidents.

The deterrent effect will come from increased and graduated punishments for cybercrimes, with harsher punishments for more serious or damaging crimes. Theft of multiple identities, for example, could range from an A-level misdemeanor to a D-level felony; and there is a proposed new B-level felony for those causing more than $1 million in damages.

Advertisement. Scroll to continue reading.

“We couldn’t have a better template of time than right now for seeing how cybersecurity is so important when we can’t even safeguard the security of our presidential elections,” commented Joseph Lentol, a Brooklyn Democrat, in an interview January 6th. “It is obvious that we are living behind the times and we have to take measures to stop cyberthieves from interfering in our lives and in our computers and in our institutions.”

It should be remembered, however, that State of the State addresses are primarily a vehicle for publicizing a political wish list for the governor — it is, in fact, a political tool in itself. Many proposals don’t come to fruition, either through lack of time, loss of will, or lack of budget. The budget comes from the lawmakers; and these cyber security proposals will require a budget. For them to go ahead, the troubled relationship between governor and Legislature will need to be repaired, if only temporarily.

In December 2016, the New York State Department of Financial Services (DFS) published proposals for a new cyber security regulation for New York financial services. This is due to come into effect on March 1, 2017.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.