IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New York Lawmakers Look to Fortify Critical Infrastructure

A recently proposed piece of New York legislation would require certain critical infrastructure systems to meet international cybersecurity standards to better prevent them from being compromised.

New York City
Shutterstock
New York’s critical infrastructure could soon receive additional protection if the state’s Legislature passes a recently proposed bill that looks to implement more rigorous cybersecurity standards.

These standards would be applied to the state’s public transportation, water and wastewater treatment facilities, public utilities, public buildings, hospitals, public health facilities and select financial services organizations.

Other areas, such as automation and control system components, including hardware, software and policies involved in the operation of critical infrastructure, would also have to comply with these new standards.

“This is something I’ve been wanting to do for quite some time,” the bill’s sponsor, Sen. Kevin Thomas, D-6, said. “There have been an increased amount of cyber attacks where hackers are just holding people hostage.”

“The bill looks to address this by updating systems to match international standards so that the state’s critical infrastructure is protected as much as possible,” Thomas said.

One of these standards is the ISA/IEC 62443 series of standards created by the International Society of Automation.

According to the ISA website, these standards include having a framework to address and mitigate current and future security vulnerabilities in industrial automation and identifying and applying security countermeasures to reduce any risk to tolerable levels.

To achieve this in the state, the governor’s office, with input from the state’s Division of Homeland Security and Emergency Services and the superintendent of financial services, will decide which critical infrastructure systems are considered vital and vulnerable to cybersecurity attacks and how to address these issues.

“There needs to be more vigilance. We need to know whether these critical infrastructure systems can be compromised and how to upgrade them to prevent them from being compromised,” Thomas said. “This bill is one way of doing that.”

The state’s Division of Homeland Security and Emergency Services declined to comment on the pending legislation.
Katya Maruri is a staff writer for Government Technology. She has a bachelor’s degree in journalism and a master’s degree in global strategic communications from Florida International University, and more than five years of experience in the print and digital news industry.
Special Projects
Sponsored Articles
  • Sponsored
    How the convergence of security and networking is accelerating government agencies journey to the cloud.
  • Sponsored
    How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • Sponsored
    The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.