New York will closely monitor the cybersecurity protections in place at institutions in the financial and energy sectors as part of its first statewide cybersecurity strategy.
The strategy, released Wednesday, “provides a framework for aligning the actions and resources of both public and private New York stakeholders so that we can collectively work toward a shared vision for protecting New York,” wrote N.Y. Gov. Kathy Hochul. It includes five strategic pillars for successful implementation, one of which is focused on the regulation of critical industries.
Under that pillar is the financial sector, which is already subject to the 2017 Cybersecurity Regulation enforced by the New York State Department of Financial Services. The law has already resulted in penalties against institutions for failing to implement required controls, including a $4.25 million fine levied upon OneMain Financial Group in May.
The strategy said the state would “continue to build on the success of these cybersecurity regulations through amendments to ensure they keep pace with new threats and technologies, as applicable.”
Regarding the energy sector, the strategy noted the state will partner with electric distribution utilities and the Department of Energy on the implementation of its new law requiring utilities to prepare for cyberattacks in their annual emergency response plans.
Other action items under the strategy include educating companies about how to identify and mitigate cyber and counterintelligence risks, communicating cybersecurity advice and guidance to both residents and businesses, and modernizing state networks based on the principles of zero trust.
The strategy is backed by a $600 million commitment from the state to improve its cyber defenses through unification, resilience, and preparedness.
“These measures will help to level the cybersecurity playing field and ensure New York’s defense is greater than the sum of its parts,” the strategy stated.