IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New York Lawmakers Look to Fortify Critical Infrastructure

A recently proposed piece of New York legislation would require certain critical infrastructure systems to meet international cybersecurity standards to better prevent them from being compromised.

New York City
New York’s critical infrastructure could soon receive additional protection if the state’s Legislature passes a recently proposed bill that looks to implement more rigorous cybersecurity standards.

These standards would be applied to the state’s public transportation, water and wastewater treatment facilities, public utilities, public buildings, hospitals, public health facilities and select financial services organizations.

Other areas, such as automation and control system components, including hardware, software and policies involved in the operation of critical infrastructure, would also have to comply with these new standards.

“This is something I’ve been wanting to do for quite some time,” the bill’s sponsor, Sen. Kevin Thomas, D-6, said. “There have been an increased amount of cyber attacks where hackers are just holding people hostage.”

“The bill looks to address this by updating systems to match international standards so that the state’s critical infrastructure is protected as much as possible,” Thomas said.

One of these standards is the ISA/IEC 62443 series of standards created by the International Society of Automation.

According to the ISA website, these standards include having a framework to address and mitigate current and future security vulnerabilities in industrial automation and identifying and applying security countermeasures to reduce any risk to tolerable levels.

To achieve this in the state, the governor’s office, with input from the state’s Division of Homeland Security and Emergency Services and the superintendent of financial services, will decide which critical infrastructure systems are considered vital and vulnerable to cybersecurity attacks and how to address these issues.

“There needs to be more vigilance. We need to know whether these critical infrastructure systems can be compromised and how to upgrade them to prevent them from being compromised,” Thomas said. “This bill is one way of doing that.”

The state’s Division of Homeland Security and Emergency Services declined to comment on the pending legislation.
Katya Maruri is a staff writer for Government Technology. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University.