NY State Assembly Bill 2015-A6133A

Assembly Bill A6133A

2015-2016 Legislative Session

Requires a comprehensive review of all cyber security services to be performed every five years

download bill text pdf

Archive: Last Bill Status - In Assembly Committee

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jan 20, 2016	print number 6133a
Jan 20, 2016	amend and recommit to governmental operations
Jan 06, 2016	referred to governmental operations
Mar 16, 2015	referred to governmental operations

Bill Amendments

Original

A (Active)

2015-A6133 - Details

See Senate Version of this Bill:: S3405
Current Committee:: Assembly Governmental Operations
Law Section:: Executive Law
Laws Affected:: Add §719, Exec L
Versions Introduced in 2017-2018 Legislative Session:: A3451, S926

2015-A6133 - Summary

Requires a comprehensive review of all cyber security services to be performed every five years.

2015-A6133 - Bill Text download pdf

                            
                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  6133

                       2015-2016 Regular Sessions

                          I N  A S S E M B L Y

                             March 16, 2015
                               ___________

Introduced  by  M.  of  A.  DenDEKKER  --  read once and referred to the
  Committee on Governmental Operations

AN ACT to amend the executive law,  in  relation  to  a  cyber  security
  report

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. The executive law is amended by adding a new section 719 to
read as follows:
  S 719. QUINQUENNIAL CYBER SECURITY REPORT.   1. THE  COMMISSIONER,  IN
CONSULTATION  WITH  THE  SUPERINTENDENT  OF  THE STATE POLICE, THE CHIEF
INFORMATION OFFICER, AND THE PRESIDENT OF THE CENTER FOR INTERNET  SECU-
RITY,  SHALL  PREPARE  A  REPORT,  TO  BE DELIVERED TO THE GOVERNOR, THE
TEMPORARY PRESIDENT OF THE SENATE, THE  SPEAKER  OF  THE  ASSEMBLY,  THE
CHAIR  OF  THE  SENATE STANDING COMMITTEE ON VETERANS, HOMELAND SECURITY
AND MILITARY AFFAIRS, AND THE CHAIR OF THE ASSEMBLY  STANDING  COMMITTEE
ON GOVERNMENTAL OPERATIONS, ON OR BEFORE THE FIRST DAY OF SEPTEMBER, TWO
THOUSAND FIFTEEN, AND THEN EVERY FIVE YEARS THEREAFTER, WHICH PROVIDES A
COMPREHENSIVE REVIEW OF ALL CYBER SECURITY SERVICES PERFORMED BY, AND ON
BEHALF OF, THE STATE OF NEW YORK.
  2.  THE  REPORT  REQUIRED PURSUANT TO SUBDIVISION ONE OF THIS SECTION,
SHALL INCLUDE A DETAILED ASSESSMENT OF EACH  AND  EVERY  CYBER  SECURITY
NEED  OF  THE STATE OF NEW YORK, INCLUDING BUT NOT LIMITED TO, ITS STATE
AGENCIES AND ITS PUBLIC AUTHORITIES, AND FOR EACH AND EVERY  SUCH  CYBER
SECURITY   NEED   SO   IDENTIFIED,  SHALL  FURTHER  INCLUDE  A  DETAILED
DESCRIPTION OF:
  (A) THE TYPE OF CYBER SECURITY SERVICE USED TO ADDRESS SUCH NEED;
  (B) THE SCOPE OF THE NEED SO ADDRESSED, AS WELL AS THE  SCOPE  OF  THE
SERVICE USED TO ADDRESS SUCH NEED;
  (C) THE COST OF THE SERVICE USED TO ADDRESS SUCH NEED;
  (D)  THE  EFFECTIVENESS  OF THE CYBER SECURITY SERVICE USED TO ADDRESS
SUCH NEED;

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD08759-01-5

A. 6133                             2

  (E) THE ENTITY PROVIDING SUCH CYBER SECURITY SERVICE USED  TO  ADDRESS
SUCH NEED;
  (F)  THE  GOVERNMENT, INDUSTRY AND/OR ACADEMICALLY ACCEPTED BEST CYBER
SECURITY PRACTICE FOR ADDRESSING SUCH NEED;
  (G) HOW OTHER STATES, AND THE FEDERAL GOVERNMENT HAVE  ADDRESSED  SUCH
NEED; AND
  (H) HOW PRIVATE SECTOR ENTITIES ADDRESSED SUCH NEED.
  3. DURING THE PREPARATION OF THE REPORT REQUIRED BY SUBDIVISION ONE OF
THIS  SECTION,  AND  AFTER  ITS  DELIVERY  TO  THE PERSONS IDENTIFIED TO
RECEIVE SUCH REPORT, THE COMMISSIONER, THE SUPERINTENDENT OF  THE  STATE
POLICE,  THE  CHIEF INFORMATION OFFICER, AND THE PRESIDENT OF THE CENTER
FOR INTERNET SECURITY, AS WELL AS  THE  DIVISIONS,  OFFICES  AND  CORPO-
RATIONS UNDER THEIR DIRECTION, SHALL PROVIDE TO SUCH PERSONS ENTITLED TO
RECEIVE SUCH REPORT, ANY AND ALL ADDITIONAL INFORMATION SUCH PERSONS MAY
REQUEST, WITH RESPECT TO ANY CYBER SECURITY ISSUE CONCERNING:
  (A)  THE  STATE OF NEW YORK, INCLUDING BUT NOT LIMITED TO, ANY AGENCY,
BOARD, BUREAU, COMMISSION, DEPARTMENT, DIVISION, INSTITUTION, OFFICE, OR
PUBLIC AUTHORITY OF THE STATE;
  (B) ANY LOCAL GOVERNMENT ENTITY, INCLUDING BUT  NOT  LIMITED  TO,  ANY
COUNTY,  TOWN, CITY, VILLAGE, SCHOOL DISTRICT, SPECIAL DISTRICT, AND ANY
AGENCY, BOARD, BUREAU, COMMISSION,  DEPARTMENT,  DIVISION,  INSTITUTION,
OFFICE, OR PUBLIC AUTHORITY OF SUCH LOCAL GOVERNMENT ENTITY;
  (C)  ANY REGULATED ENTITY OF THE STATE OF NEW YORK OR LOCAL GOVERNMENT
ENTITY;
  (D) ANY NOT-FOR-PROFIT CORPORATION IN THE STATE OF NEW YORK;
  (E) ANY PRIVATE SECTOR BUSINESS IN THE STATE OF  NEW  YORK,  INCLUDING
BUT  NOT  LIMITED  TO, A SOLE PROPRIETOR, PARTNERSHIP, LIMITED LIABILITY
COMPANY OR BUSINESS CORPORATION; AND/OR
  (F) ANY CITIZEN OF THE STATE OF NEW YORK.
  4. WHERE COMPLIANCE WITH THIS SECTION SHALL REQUIRE THE DISCLOSURE  OF
CONFIDENTIAL  INFORMATION,  OR  THE  DISCLOSURE OF SENSITIVE INFORMATION
WHICH IN THE JUDGMENT OF THE COMMISSIONER  WOULD  JEOPARDIZE  THE  CYBER
SECURITY OF THE STATE:
  (A)  SUCH  CONFIDENTIAL  OR SENSITIVE INFORMATION SHALL BE PROVIDED TO
THE PERSONS ENTITLED TO RECEIVE THE REPORT AS  PROVIDED  BY  SUBDIVISION
ONE OF THIS SECTION, AS FOLLOWS:
  (I)  IN  THE  CASE  OF  THE REPORT REQUIRED BY SUBDIVISION ONE OF THIS
SECTION, IN THE FORM OF A SUPPLEMENTAL APPENDIX TO THE REPORT; AND
  (II) IN THE CASE OF A RESPONSE TO A REQUEST FOR  INFORMATION  MADE  IN
ACCORDANCE WITH SUBDIVISION THREE OF THIS SECTION, IN A SECURE MANNER AS
DETERMINED BY THE COMMISSIONER;
  (B)  NEITHER  A SUPPLEMENTAL APPENDIX TO THE REPORT, NOR ANY CONFIDEN-
TIAL OR SENSITIVE INFORMATION PROVIDED IN  ACCORDANCE  WITH  SUBDIVISION
THREE  OF  THIS  SECTION,  SHALL  BE POSTED ON THE DIVISION'S WEBSITE AS
REQUIRED BY SUBDIVISION FIVE OF THIS SECTION;
  (C) NEITHER A SUPPLEMENTAL APPENDIX TO THE REPORT, NOR  ANY  CONFIDEN-
TIAL  OR  SENSITIVE  INFORMATION PROVIDED IN ACCORDANCE WITH SUBDIVISION
THREE OF THIS SECTION, SHALL BE SUBJECT TO THE PROVISIONS OF THE FREEDOM
OF INFORMATION LAW PURSUANT TO ARTICLE SIX OF THE PUBLIC  OFFICERS  LAW;
AND
  (D) THE PERSONS ENTITLED TO RECEIVE THE REPORT AS PROVIDED BY SUBDIVI-
SION  ONE OF THIS SECTION, MAY DISCLOSE THE SUPPLEMENTAL APPENDIX TO THE
REPORT, AND  ANY  CONFIDENTIAL  OR  SENSITIVE  INFORMATION  PROVIDED  IN
ACCORDANCE WITH SUBDIVISION THREE OF THIS SECTION, TO THEIR PROFESSIONAL
STAFF,  BUT  SHALL  NOT OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR
SECURE INFORMATION.

A. 6133                             3

  5. EXCEPT WITH RESPECT TO ANY CONFIDENTIAL OR SENSITIVE INFORMATION AS
DESCRIBED IN SUBDIVISION FOUR OF THIS SECTION, THE DIVISION SHALL POST A
COPY OF THE REPORT PREPARED IN ACCORDANCE WITH SUBDIVISION ONE  OF  THIS
SECTION, ON ITS WEBSITE, NOT MORE THAN FIFTEEN DAYS AFTER SUCH REPORT IS
DELIVERED  TO  THE PERSONS ENTITLED TO RECEIVE SUCH REPORT. THE DIVISION
MAY FURTHER POST ANY AND ALL FURTHER INFORMATION IT MAY  DEEM  APPROPRI-
ATE,  ON  ITS  WEBSITE,  REGARDING CYBER SECURITY, AND THE PROTECTION OF
PUBLIC AND PRIVATE COMPUTER SYSTEMS, NETWORKS, HARDWARE AND SOFTWARE.
  S 2. This act shall take effect immediately.

2015-A6133A (ACTIVE) - Details

See Senate Version of this Bill:: S3405
Current Committee:: Assembly Governmental Operations
Law Section:: Executive Law
Laws Affected:: Add §719, Exec L
Versions Introduced in 2017-2018 Legislative Session:: A3451, S926

2015-A6133A (ACTIVE) - Summary

Requires a comprehensive review of all cyber security services to be performed every five years.

2015-A6133A (ACTIVE) - Bill Text download pdf

                            
                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                 6133--A

                       2015-2016 Regular Sessions

                          I N  A S S E M B L Y

                             March 16, 2015
                               ___________

Introduced  by  M.  of  A.  DenDEKKER  --  read once and referred to the
  Committee on Governmental Operations -- recommitted to  the  Committee
  on  Governmental Operations in accordance with Assembly Rule 3, sec. 2
  -- committee discharged, bill amended, ordered  reprinted  as  amended
  and recommitted to said committee

AN  ACT  to  amend  the  executive  law, in relation to a cyber security
  report

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. The executive law is amended by adding a new section 719 to
read as follows:
  S  719.  QUINQUENNIAL  CYBER SECURITY REPORT.  1. THE COMMISSIONER, IN
CONSULTATION WITH THE SUPERINTENDENT OF  THE  STATE  POLICE,  THE  CHIEF
INFORMATION  OFFICER, AND THE PRESIDENT OF THE CENTER FOR INTERNET SECU-
RITY, SHALL PREPARE A REPORT, TO  BE  DELIVERED  TO  THE  GOVERNOR,  THE
TEMPORARY  PRESIDENT  OF  THE  SENATE,  THE SPEAKER OF THE ASSEMBLY, THE
CHAIR OF THE SENATE STANDING COMMITTEE ON  VETERANS,  HOMELAND  SECURITY
AND  MILITARY  AFFAIRS, AND THE CHAIR OF THE ASSEMBLY STANDING COMMITTEE
ON GOVERNMENTAL OPERATIONS, ON OR BEFORE THE FIRST DAY OF SEPTEMBER, TWO
THOUSAND SIXTEEN, AND THEN EVERY FIVE YEARS THEREAFTER, WHICH PROVIDES A
COMPREHENSIVE REVIEW OF ALL CYBER SECURITY SERVICES PERFORMED BY, AND ON
BEHALF OF, THE STATE OF NEW YORK.
  2. THE REPORT REQUIRED PURSUANT TO SUBDIVISION ONE  OF  THIS  SECTION,
SHALL  INCLUDE  A  DETAILED  ASSESSMENT OF EACH AND EVERY CYBER SECURITY
NEED OF THE STATE OF NEW YORK, INCLUDING BUT NOT LIMITED TO,  ITS  STATE
AGENCIES  AND  ITS PUBLIC AUTHORITIES, AND FOR EACH AND EVERY SUCH CYBER
SECURITY  NEED  SO  IDENTIFIED,  SHALL  FURTHER   INCLUDE   A   DETAILED
DESCRIPTION OF:
  (A) THE TYPE OF CYBER SECURITY SERVICE USED TO ADDRESS SUCH NEED;
  (B)  THE  SCOPE  OF THE NEED SO ADDRESSED, AS WELL AS THE SCOPE OF THE
SERVICE USED TO ADDRESS SUCH NEED;

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD08759-03-6

A. 6133--A                          2

  (C) THE COST OF THE SERVICE USED TO ADDRESS SUCH NEED;
  (D)  THE  EFFECTIVENESS  OF THE CYBER SECURITY SERVICE USED TO ADDRESS
SUCH NEED;
  (E) THE ENTITY PROVIDING SUCH CYBER SECURITY SERVICE USED  TO  ADDRESS
SUCH NEED;
  (F)  THE  GOVERNMENT, INDUSTRY AND/OR ACADEMICALLY ACCEPTED BEST CYBER
SECURITY PRACTICE FOR ADDRESSING SUCH NEED;
  (G) HOW OTHER STATES, AND THE FEDERAL GOVERNMENT HAVE  ADDRESSED  SUCH
NEED; AND
  (H) HOW PRIVATE SECTOR ENTITIES ADDRESSED SUCH NEED.
  3. DURING THE PREPARATION OF THE REPORT REQUIRED BY SUBDIVISION ONE OF
THIS  SECTION,  AND  AFTER  ITS  DELIVERY  TO  THE PERSONS IDENTIFIED TO
RECEIVE SUCH REPORT, THE COMMISSIONER, THE SUPERINTENDENT OF  THE  STATE
POLICE,  THE  CHIEF INFORMATION OFFICER, AND THE PRESIDENT OF THE CENTER
FOR INTERNET SECURITY, AS WELL AS  THE  DIVISIONS,  OFFICES  AND  CORPO-
RATIONS UNDER THEIR DIRECTION, SHALL PROVIDE TO SUCH PERSONS ENTITLED TO
RECEIVE SUCH REPORT, ANY AND ALL ADDITIONAL INFORMATION SUCH PERSONS MAY
REQUEST, WITH RESPECT TO ANY CYBER SECURITY ISSUE CONCERNING:
  (A)  THE  STATE OF NEW YORK, INCLUDING BUT NOT LIMITED TO, ANY AGENCY,
BOARD, BUREAU, COMMISSION, DEPARTMENT, DIVISION, INSTITUTION, OFFICE, OR
PUBLIC AUTHORITY OF THE STATE;
  (B) ANY LOCAL GOVERNMENT ENTITY, INCLUDING BUT  NOT  LIMITED  TO,  ANY
COUNTY,  TOWN, CITY, VILLAGE, SCHOOL DISTRICT, SPECIAL DISTRICT, AND ANY
AGENCY, BOARD, BUREAU, COMMISSION,  DEPARTMENT,  DIVISION,  INSTITUTION,
OFFICE, OR PUBLIC AUTHORITY OF SUCH LOCAL GOVERNMENT ENTITY;
  (C)  ANY REGULATED ENTITY OF THE STATE OF NEW YORK OR LOCAL GOVERNMENT
ENTITY;
  (D) ANY NOT-FOR-PROFIT CORPORATION IN THE STATE OF NEW YORK;
  (E) ANY PRIVATE SECTOR BUSINESS IN THE STATE OF  NEW  YORK,  INCLUDING
BUT  NOT  LIMITED  TO, A SOLE PROPRIETOR, PARTNERSHIP, LIMITED LIABILITY
COMPANY OR BUSINESS CORPORATION; AND/OR
  (F) ANY CITIZEN OF THE STATE OF NEW YORK.
  4. WHERE COMPLIANCE WITH THIS SECTION SHALL REQUIRE THE DISCLOSURE  OF
CONFIDENTIAL  INFORMATION,  OR  THE  DISCLOSURE OF SENSITIVE INFORMATION
WHICH IN THE JUDGMENT OF THE COMMISSIONER  WOULD  JEOPARDIZE  THE  CYBER
SECURITY OF THE STATE:
  (A)  SUCH  CONFIDENTIAL  OR SENSITIVE INFORMATION SHALL BE PROVIDED TO
THE PERSONS ENTITLED TO RECEIVE THE REPORT AS  PROVIDED  BY  SUBDIVISION
ONE OF THIS SECTION, AS FOLLOWS:
  (I)  IN  THE  CASE  OF  THE REPORT REQUIRED BY SUBDIVISION ONE OF THIS
SECTION, IN THE FORM OF A SUPPLEMENTAL APPENDIX TO THE REPORT; AND
  (II) IN THE CASE OF A RESPONSE TO A REQUEST FOR  INFORMATION  MADE  IN
ACCORDANCE WITH SUBDIVISION THREE OF THIS SECTION, IN A SECURE MANNER AS
DETERMINED BY THE COMMISSIONER;
  (B)  NEITHER  A SUPPLEMENTAL APPENDIX TO THE REPORT, NOR ANY CONFIDEN-
TIAL OR SENSITIVE INFORMATION PROVIDED IN  ACCORDANCE  WITH  SUBDIVISION
THREE  OF  THIS  SECTION,  SHALL  BE POSTED ON THE DIVISION'S WEBSITE AS
REQUIRED BY SUBDIVISION FIVE OF THIS SECTION;
  (C) NEITHER A SUPPLEMENTAL APPENDIX TO THE REPORT, NOR  ANY  CONFIDEN-
TIAL  OR  SENSITIVE  INFORMATION PROVIDED IN ACCORDANCE WITH SUBDIVISION
THREE OF THIS SECTION, SHALL BE SUBJECT TO THE PROVISIONS OF THE FREEDOM
OF INFORMATION LAW PURSUANT TO ARTICLE SIX OF THE PUBLIC  OFFICERS  LAW;
AND
  (D) THE PERSONS ENTITLED TO RECEIVE THE REPORT AS PROVIDED BY SUBDIVI-
SION  ONE OF THIS SECTION, MAY DISCLOSE THE SUPPLEMENTAL APPENDIX TO THE
REPORT, AND  ANY  CONFIDENTIAL  OR  SENSITIVE  INFORMATION  PROVIDED  IN

A. 6133--A                          3

ACCORDANCE WITH SUBDIVISION THREE OF THIS SECTION, TO THEIR PROFESSIONAL
STAFF,  BUT  SHALL  NOT OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR
SECURE INFORMATION.
  5. EXCEPT WITH RESPECT TO ANY CONFIDENTIAL OR SENSITIVE INFORMATION AS
DESCRIBED IN SUBDIVISION FOUR OF THIS SECTION, THE DIVISION SHALL POST A
COPY  OF  THE REPORT PREPARED IN ACCORDANCE WITH SUBDIVISION ONE OF THIS
SECTION, ON ITS WEBSITE, NOT MORE THAN FIFTEEN DAYS AFTER SUCH REPORT IS
DELIVERED TO THE PERSONS ENTITLED TO RECEIVE SUCH REPORT.  THE  DIVISION
MAY  FURTHER  POST ANY AND ALL FURTHER INFORMATION IT MAY DEEM APPROPRI-
ATE, ON ITS WEBSITE, REGARDING CYBER SECURITY,  AND  THE  PROTECTION  OF
PUBLIC AND PRIVATE COMPUTER SYSTEMS, NETWORKS, HARDWARE AND SOFTWARE.
  S 2. This act shall take effect immediately.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.