IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Beyond State Boundaries

New York State cyber-security chief reaches out to share critical information

ALBANY, NY -- Will Pelgrin was appointed New York State's first director of the NYS Office of Cyber Security and Critical Infrastructure Coordination (CSCIC) in Sept. 2002. He comes to the post with more than 20 years of experience in state government including a recent tenure as the Director of the State Office of Technology. Even with this rich government experience, Pelgrin seems the antithesis of a bureaucrat as he moves on initiatives with speed and efficiency that is, generally, rare in government -- particularly when multiple players are involved.

The ability to engage cross-agency and inter-governmental participants in a state as decentralized as New York, is a specialty of Pelgrin who says he "doesn't have a territorial bone" in his body. "I am a big believer in sharing information," he said. "It's not about the individual." Under Pelgrin CSCIC launched a public/private sector security cyber security workgroup; established a multi-state Information Sharing and Analysis center (ISAC); and is guiding the NYS Geographic Systems Coordination Program. Each of the efforts reaches deep into state government organizations and across to federal, interstate and local governments, as well as the private sector.

The goal, according to Pelgrin, is to increase the real-time sharing of information, eliminate the practice of building redundant applications and, most importantly, strengthen the nation's overall cyber security and infrastructure protection. "I try to take the global perspective because I think that's what will help the citizens of New York State and people everywhere," he said. "If we are myopic, we lose out on the benefits."

Launched in January of this year, the Multi-state ISAC has already grown to include 19 states with three more on-board to join soon. Pelgrin hopes to have all 50 states participating by the end of the year. The ISAC will serve as a central repository for information about cyber-security breaches and infrastructure threats, gathering data from both public and private-sector members. "We have a common protocol that we follow here," Pelgrin explained. "Green level means there is normal activity, not no activity, because there is always something going on. Our mantra really is vigilance and resilience."

Activity that might be noted and shared, for example, is a particular port on a server suddenly receiving a lot of activity and potentially being attacked by a worm. A notice would be issued to members to shut down that particular port, Pelgrin explained. There is also a common incidence reporting process in which states use a toll-free telephone number to report suspected incidents to the multi-state ISAC. The ISAC is also charged with compiling information and intelligence analysis for first responders and law enforcement agencies across boundaries.

According to Pelgrin, the New York-led ISAC is about to go international. He is in talks with Australian officials to bring that country into the network because it is on the leading edge of what happens in cyberspace. "Because of the time zone they will see anything first," he said. "In Y2K they were the first major entity to see the new day."

The Public/Private Sector Cyber Security work group compliments the ISAC effort. With at least 20 members from government agencies, education and industry, the workgroup has conducted six meetings that, Pelgrin says, have resulted in more than dialogue. The group identified 13 critical sectors such as health, utilities and telecommunications and other vulnerable areas. Each area will have public and private sector leaders tasked with taking inventory, identifying vulnerabilities and doing a risk assessment. "We want to make sure that what we are doing is a value-add and not an impediment to doing business," Pelgrin said. "I want this to be as seamless as buckling a seat belt." The idea is to "tap into" what is already being done, he added, and to avoid doing duplicative work.

The state's GIS program also brings in participants from multiple sectors including the New York State GIS Data Sharing Cooperative with more than 430 members from federal, state and local government, academia, non-profit organizations and other states. The program includes an extensive plan for geospatial database development. The state is providing a base level of orthoimagry that can be customized to meet the needs of local governments and other users, and is working on the development of a statewide street network, complete with addresses.

As Pelgrin guides and expands these efforts the state of New York is moving into a leadership role in cyber security and infrastructure protection. "I believe there are many states going great things," Pelgrin said. "I am just pleased to be in New York State with this governor and I think we have taken some major strides ... we have a head start in that regard."