IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New York Gov. Kathy Hochul Releases First Statewide Cyber Strategy

The state’s plan addresses how current and anticipated initiatives support its larger goals of building resilience, preparedness and unification across cybersecurity efforts. The strategy takes a holistic approach across sectors.

New York Gov. Kathy Hochul
New York Gov. Kathy Hochul
Shutterstock/lev radin
New York released its first statewide cybersecurity strategy Wednesday, outlining current and planned efforts to respond to risks to both public- and private-sector entities.

In particular, the strategy aims to clarify the roles and responsibilities of different agencies and explain how various initiatives do or will fit into an overarching approach, the state said in its announcement. Measures include those intended to expand cybersecurity talent pipelines, provide cyber supports to local governments, enforce cyber regulations on critical infrastructure, and advise residents and businesses about best practices for reducing their risks. As New York considers both current and emerging threats, three key principles will guide its approach: unification, resilience and preparedness.

The state chief cyber officer will oversee putting the strategy into action.

The strategy will be fueled in part by targeted funding. That includes $500 million for improving health-care IT, including cybersecurity infrastructure, as well as $7.4 million to expand three state police units focused on cyber analysis, cyber crimes and Internet crimes against children. The governor had previously announced $90 million for cybersecurity, of which a third is aimed at supporting local government defenses via shared services.

The state itself is looking to expand the New York Security Operations Center, including with new facilities and staffing, per the strategy. It also will update its networks to allow for adopting more zero-trust practices and will prepare for encryption-cracking quantum computing. Various efforts aim to make it easier for IT talent to work for the state, including opening offices in more parts of the state and enabling agencies to conduct key parts of the recruitment on regular or ongoing bases.

To further bolster talent pipelines, the state intends to expand training programs like its Pathways in Technology offering for high school students and will partner on developing cybersecurity curriculum materials for higher ed and K-12. It also aims to see several State University of New York (SUNY) institutions become “hubs for high-technology research and centers for federal research funding.” To achieve this, the state aims to grow partnerships and build labs.

Local governments can struggle to afford and adopt a full slate of cyber tools and capabilities, and New York has been providing them with free endpoint detection and response (EDR) shared services. Now it hopes to expand access to the EDR service and offer additional cybersecurity tools.

The past few years have seen New York pass more requirements and regulations around securing critical infrastructure. In 2017, its financial services regulator added a cybersecurity requirement for banks, insurance companies, virtual currency companies and other financial service providers under its purview. Following that came a 2022 law requiring energy distribution utilities to address the risk of cyber attacks as part of their annual emergency response plans.

The state also said it will reach out to companies in fields like biotech and aerospace to alert them about cyber espionage risks and ways to detect and respond.

Cybersecurity is a whole-of-society affair, and the state also is continuing efforts to raise awareness among the public about good cyber hygiene practices and ways to stay safe online. That includes steps like updating software and operating systems regularly, being cautious about clicking on suspicious links, and adopting multifactor authentication (MFA).