New York Governor Kathy Hochul has acted to elevate the state's cyber defenses with the signing of S.7672A/A.6769A. This law enacts stringent requirements for municipalities to report cybersecurity incidents and ransom payments, enhancing the resilience of government networks against the increasing tide of digital threats. As global conflicts intensify, New York has pushed a whole-of-government approach to deal with the complexities of cybersecurity. "My top priority as Governor is the security and safety of all New Yorkers, and with this legislation we're strengthening our ability to respond to and ultimately prevent cyber threats all across our state," Hochul stated, as reported by the official news release from the Governor's office.
The key components of the legislation include a 72-hour deadline for reporting cyber incidents and a 24-hour window for ransom payments disclosures to the New York State Division of Homeland Security and Emergency Services (DHSES). However, municipalities face ever-increasingly sophisticated threats with this new directive by their side. With the adoption of annual cybersecurity training for government employees, the legislation hardens the State’s digital fortress. "The cyber threats that municipalities face have never been more numerous, more sophisticated, or more dangerous," expressed New York State Chief Cyber Officer Colin Ahern in the official announcement.
In light of recent ransomware incidents, the move by New York intends to expedite response times, improve threat coordination, and mitigate damages. This comes at a crucial juncture as local agencies are at the forefront of a battle against cyber attackers who are becoming more creative and aggressive. By establishing clear protocols for incident reporting, New York hopes to gain a critical edge in visibility and defense. State Senator Monica R. Martinez highlighted the importance of the bill for public protection, noting the prioritization of local government structure, support, and accountability.
The enactment of this legislation is part of Governor Hochul's broader cybersecurity strategy, which has seen investments like the launch of the NYS Joint Security Operations Center (JSOC) and the expansion of the State’s law enforcement cyber capabilities. Governor Hochul has ensured the growth of the Computer Crimes Unit, the Cyber Analysis Unit, and the Internet Crimes Against Children Center at the New York State Police. By further improving statewide cybersecurity assistance, Assemblymember Steve Otis said, the knowledge of cyberattacks will enable state cyber agencies to advise local governments more effectively.
Responding to a digital era's evolving demands, this recent development underscores New York's commitment to digital safety. Local governments serve as gatekeepers to essential services and sensitive information, making such legislation a crucial step in the defense against cyberattacks. Agencies like the New York Association of Towns and the New York State Association of Counties have lauded the efforts that aim to uplift local cybersecurity knowledge and defenses. "On behalf of the county governments of New York, we commend Governor Hochul for approving this legislation," said Stephen J. Acquario, Executive Director of the New York State Association of Counties, expressing gratitude for the support in securing vital information systems, according to the Governor's office .
