New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News

And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're in the process of rolling out over the next year or two — in addition to our endpoint detection and response shared service — attack service management, so providing the counties at no cost an enterprise-grade attack service management platform which will complement our endpoint [detection service] insofar as that, we'll have now a view of what is exploitable within the networks that are owned and controlled and managed that provide those services so we can assist local governments in triaging important findings, health checks, addressing issues before they occur. Three years ago, Colin Ahern became New York state’s first ever chief cyber officer — a role he took on after serving as first deputy director of New York City Cyber Command and acting CISO for the city. Then the governor called, and said ‘do you want to be the first chief cyber officer of New York State?’ And obviously you say yes to that. In fiscal year 2022-23, the governor doubled the size of the New York State Police Cyber Analysis Unit, Computer Crimes Unit and Internet Crimes Against Children's Center. I would also add that the New York State Intelligence Center, our federally chartered multi-agency fusion center does work very, very closely with the private sector because they have a statewide mission to advance counter terrorism and other topics across the state. So New York, over the last several years, the state Education Department has done a tremendous job in organizing, promulgating and now requiring a broad spectrum computer science curriculum which has several elements, one of which is cyber. One of the things we've been working on very closely the last couple years with our partners in the legislature, in particular in the Assembly and the State Education Department, is the Computer Science for All curriculum. After that, I was asked by [former New York City] Mayor Bill de Blasio, First Deputy Mayor Tony Shorris and the first Director of New York City Cyber Command Geoff Brown, to help stand up New York City Cyber Command. With K-12 in New York State, your son or daughter probably has a technology class, and now they're going to be learning about cyber bullying. Government is a service provider, so our public comment outlines a couple of specific areas in which federal rule making and federal processes can do even more to collaborate across the levels of the government, by not just sharing information in an anonymized form, but working collaboratively with up-to-date threat-centric information, really in the model of the Counter Terrorism Fusion Task Forces, the Joint Task Forces. As cyber threats targeting government agencies surged during the COVID-19 pandemic, he took steps to move state systems to the cloud and tighten security measures. But the governor in last year's budget worked with our partners in the legislature to put forward a multi-$100 million dollar technology and cybersecurity grant program, which provides up to $500 million for these facilities to upgrade their technology and cyber. We continue to work with our state and local partners to expand the kind of shared services we're providing. Our primary focus is on county and local governments, but additionally other critical infrastructure partners do work very closely with the Division of Homeland Security Emergency Services. Has there been a threat assessment done? A risk assessment? Is there multi-factor authentication? So we respect the rules within HIPAA but we focus on the larger healthcare ecosystem landscape and on critical services, because New York's a big state, it is the fourth largest state by population. Additionally, the governor in December of 2022 signed first in the nation legislation to enable the Public Service Commission to prescriptively regulate cybersecurity for energy distribution. CA: We have one of the country's leading cyber analysis units within the New York State Police. It’s been a wild ride but the support that the governor has given us, the priority that she's really put on this to level up cyber has been obviously a big challenge, but I’m proud of the important successes and opportunities up to this point. I wasn't really sure what I was gonna do, but I decided I would stick with cyber, so I worked in cybersecurity in financial services for a little bit. Unfortunately, now the convergence we've seen in cybercriminals and their capabilities, some of the Russians, the Chinese, the Iranians in particular, their use of cybercriminals and the proliferation of cyber tools across the industry — you can find advanced cyber tools on GitHub. The Department of Financial Services (DFS) in 2017 had one of the first prescriptive cybersecurity regulations, which covered not just state-chartered banks, but also insurance companies and other financial institutions. We're pairing regulations, which we believe address critical, absolutely essential elements of a cyber posture. Starting in ‘07 and ‘08 and then accelerating since 2010 and kind of really supercharged in the last five years, you've seen this convergence where no longer are there just one set of groups with these bespoke tools, zero-day attacks, malware which can evade detection, command and control. Because we think that what New York, with the federal government, with the New York Field Office of the FBI, really pioneered after 9/11 is that we're all on the same team.

This Cyber News was published on therecord.media. Publication date: Wed, 26 Mar 2025 16:20:04 +0000