By GREGORY ZELLER //
Governor Kathy Hochul has a message for cybercriminals, and they won’t need an advanced cypher to break it down.
Hochul was part politician, part technician and all cybercop Wednesday, when she introduced what Albany has billed as a “nation-leading cybersecurity strategy” – an all-hands-on-virtual-deck action plan to foil ever-advancing cyberthreats and the punks propagating them.
Decrying national-security threats and noting “cybercriminals are determined to disrupt our systems and our lives,” the governor outlined a statewide cybersecurity plan that combines existing high-tech defenses, planned initiatives and heaping helpings of both AI and “HI” – “human intelligence,” according to Hochul, who called on all New Yorkers to join the fight.
“I need humans like the people in this room to do what they can to help us thwart these threats,” Hochul said at Wednesday’s cyber-plan press event. “We must stay vigilant (and) proactive and always be prepared.”
Hack this: Proactive Hochul is taking the fight to cybercriminals.
The threat is clear and immediate: Hochul referenced FBI statistics estimating 25,000-plus New Yorkers were cybercrime victims in 2022, resulting in $770 million in losses – the fourth-most victims and third-highest estimated losses among all 50 states, which is not surprising to the governor.
“Nothing new to us,” Hochul said. “We are a prime target … this is New York.
“During 9/11, [New York City] was attacked because they thought they could have the broadest impact on our national and global economy by hitting the epicenter of the financial world,” she added. “The cyberattacks represent the same danger today.”
Enter the statewide defense plan, which leverages three defining principles – Unified, Resilient and Prepared – to buttress critical networks, technologies and data systems.
Following the 2022 appointment of New York’s first-ever chief cyber officer, the strategy streamlines state-government digital-security services and provides a new framework for private and public cyber-stakeholders, including commercial enterprises and local governments, to align their resources and defenses.
Steven Nigrelli: Keeping pace, virtually.
The latest technologies – ensuring modern security principles and requisite functionality – will be in the mix, but collaboration will be key, according to Hochul, who included $90 million in cybersecurity investments in Albany’s FY2024 budget.
“Our interconnected world demands an interconnected defense leveraging every resource available,” the governor added. “This strategy sets forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyberthreats.”
Critical to the strategy’s success will be its flexibility. Cyberattacks and those who launch them are constantly evolving, and counterefforts must keep up, according to New York State Police Acting Superintendent Steven Nigrelli, who echoed Hochul’s call for vigilance among all plugged-in New Yorkers.
“Law enforcement is constantly challenged to keep pace with evolving online technologies that are utilized by criminals to steal from the public or gain access to sensitive information,” Nigrelli said Wednesday. “We want to remind the public that just like you should be aware of your physical surroundings, you should be aware of your online presence, too.”
By not simply stockpiling resources to respond to digital attacks but planning ahead to stave off evolving threats, New York’s ambitious strategy matches the tenacious tone and progressive pace set by federal cybersecurity defenses, according to Acting National Cyber Director Kemba Walden.
“The President’s National Cybersecurity Strategy articulates an affirmative vision for a defensible, resilient and values-aligned digital ecosystem,” Walden said in a statement. “The strategy … rebalance(s) the responsibility for managing cyber-risk onto those entities that are most capable of keeping us all safe, and shift(s) incentives to drive coordinated investments in long-term resilience.
“The New York strategy similarly articulates a fundamentally affirmative vision for cyberspace,” Walden added. “It is not simply reactive to threat-actor behavior, [but] advances policy in areas such as public-private operational collaboration, regulation of critical infrastructure, cyber-education, workforce development and IT modernization.”
