Dive Brief:
- New York Gov. Kathy Hochul and New York City Mayor Eric Adams, along with the mayors of Albany, Syracuse, Buffalo, Rochester and Yonkers, unveiled the creation of a Joint Security Operations Center (JSOC) on Tuesday that they say will be a first-of-its-kind center for cybersecurity coordination across the state.
- The state's institutions, governments and critical infrastructure – including water, transportation and power sources – are all vulnerable, Hochul said at a Tuesday press conference. "We cannot expect cities and counties to go it alone," she said on Tuesday, as tensions between Russia and Ukraine were becoming increasingly volatile. Russia invaded Ukraine late the next day, according to news reports.
- Adams also signed an executive order that requires each New York City agency to designate a cyber command liaison to “share information, monitor threats and adopt best practices around cybersecurity,” according to the announcement.
Dive Insight
U.S. local and state governments should look to the Russian attack on Ukraine as a wake-up call, according to Alison Post, associate professor of political science and global metropolitan studies at the University of California at Berkeley.
A variety of critical infrastructure systems that local governments operate could be targeted, she said in an email interview, including traffic and street lighting systems and emergency and security alert systems.
“Serious, successful cyberattacks on such systems would allow attackers to disable services and create panic," Post said. "For example, if false emergency alerts were to be issued, these could even decrease citizen trust, and lead fewer to believe them and respond in the future.”
"We've entered a new normal when it comes to cybersecurity."
Scott Reif
New York State Office of Information Technology Services spokesperson
New York's collaborative approach to cybersecurity could become a potential model for other cities, regions and states to follow, an outcome Hochul said she hopes the JSOC will inspire. The approach is intended to foster better coordination on threat intelligence, reduce response times and expedite remediation following a potential cyber incident, according to the announcement. It brings all of the state, city, local and authority-level cyber defense assets “under one umbrella," it stated.
New York's reworking of its cybersecurity strategy comes as cities from New Orleans to Knoxville, Tennessee, have experienced a growing number of cyberattacks in recent years. Researchers have also warned that essential transportation systems and smart city infrastructure are not prepared for cyberattacks.
“We've entered a new normal when it comes to cybersecurity,” said Scott Reif, a spokesperson with the state's Office of Information Technology Services, in an email interview. “There are more attempted attacks than ever before, greater risk and threats facing every level of government. This new collaborative approach ... will go a long way in protecting our infrastructure and thwarting cyber criminals.”
Small and mid-sized cities have long struggled to address cyber threats due to staffing and budget limitations. Many local governments don't have the resources to assess their vulnerabilities and provide proper training to personnel, Post said. She added that a useful regional approach would involve training for local government officials, outside evaluations of the robustness of local government cyber protections and grant funding for enhancing those protections.
Post first advised that local leaders take the threats seriously. “Make sure cybersecurity is taken into consideration when procuring IT systems, she said. “Train your personnel to avoid phishing attacks and use two-factor authentication. And take advantage of programs offered by the Department of Homeland Security to bring your staff up to speed on threats.”