Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

What's in New York's 'First-Ever' Cyber Strategy?

Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.

4 Min Read
New York University buildings with purple NYU logo flag hanging outside the entrance and Empire State Building in background
Source: Andrew Cribb via Alamy Stock Photo

New York Governor Kathy Hochul unveiled a broad cybersecurity strategy earmarking $600 million directed at protecting the state's digital and critical infrastructure from cyber threats. Touted as New York's "first-ever" statewide cybersecurity strategy, Hochul said it sets high objectives for cybersecurity and resilience. According to a summary of the strategy, it also seeks to unify cybersecurity services statewide with access to information tools and services, while providing a framework for partnerships with the public sector and nonprofit organizations.

Hochul, a Democrat who took over as governor in August 2021 following the resignation of Andrew Cuomo, has made improving New York's cybersecurity and resilience posture a high priority from the outset of her administration.

She pointed to last year's massive ransomware attack that hit Long Island's Suffolk County government, cutting off its critical services for months. "It disconnected more than 1.5 million residents from the services they rely on," she said. "Emergency dispatchers spent weeks taking calls by hand, and real estate transactions were held up entirely."

Joined by federal, state, and local cybersecurity leaders, Hochul outlined the strategy on Wednesday at NYU Tandon School of Engineering, during an awards ceremony for participants in the university's professional certificate program in operational technology security.

In remarks during the briefing, Hochul emphasized the ongoing rise in cybercrime targeted at the US and New York state's critical industrial and financial infrastructure. She also underscored the strategy's focus on collaborating with the federal government and providing assistance to counties and local governments.

New York's First Chief Cyber Officer

Last year, Hochul appointed Colin Ahern as the first chief cyber officer of New York State, based in part on his experience as New York City's acting CISO. Ahern created the city's Cyber Defense Agency and led the building of its first cloud-based zero-trust security environment, which enabled the Cyber Command group to shift to remote work during the COVID pandemic.

New York Governor Kathy Hochul speaks at event announcing cybersecurity plan

"He is one of the most brilliant people I've ever met in this space," Hochul said in her remarks at the NYU Tandon event. She said she became familiar with the implications of cyber threats and attacks during her term in Congress a decade ago when she was on the Capitol's Homeland Security and Armed Services committees, where she received White House briefings on cyber threats. "In the decade since, cyberattacks have only intensified every single day," Hochul said.

Ahern noted that New York is a prime target for cybercriminals because, as the fourth most populous state in the US, it has 20 million residents and generates trillions of dollars in economic activity.

New York developed its strategy in collaboration with the federal government in the form of Jake Braun, a Department of Homeland Security senior adviser. Braun, who attended the unveiling of Hochul's strategy, said his team has regularly talked with Ahern and the governor throughout the plan's development.

"They've committed to massive, unprecedented resources going to their IT and OT improvements, and they've dramatically expanded public-private partnerships to enhance resilience in the case of an attack," Braun said.

Components of New York's Cyber Strategy

The new strategy calls for forming an Industrial Control System Cyber Assessment team that would function as part of New York State's Cyber Incident Response Team at the Division of Homeland Security and Emergency Services. Days before Russian forces invaded Ukraine, New York created the Joint Security Operations Center in New York City. Ahern's team has partnered with the mayors of Albany, Buffalo, New York City, Rochester, Syracuse, and Yonkers to build and maintain that center.

Hochul's strategy builds on legislation passed in 2022 to create a cybersecurity protection framework for the state's energy grid that requires electric distribution utilities to be prepared for cyberattacks in their annual emergency response plans. That legislation requires utilities to share those plans with the New York Public Service Commission (PSC), which now has broader auditing powers.

The latest state budget, submitted in May, called for $500 million to improve New York's healthcare IT and cybersecurity infrastructure through the state's Department of Health Care technology capital grant programs. Hochul sharply increased the state's centralized security budget through fiscal year 2024 to $90 million, up from $20 million.

The budget includes expanded funding for the state's shared services program for county and local governments. New York's shared services program so far covers 53,000 county and local government computers, most upstate counties, and the five largest upstate cities. Also allocated in the FY24 budget is $7.4 million to expand the New York State Police's Cyber Analysis Unit, Computer Crimes Unit, and Internet Crimes Against Children Center.

About the Author

Jeffrey Schwartz, Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights