NY State Senate Bill 2017-S5946A

Archive: Last Bill Status - In Senate Committee Finance Committee

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jan 22, 2018	reported and committed to finance
Jan 16, 2018	print number 5946a
Jan 16, 2018	amend and recommit to veterans, homeland security and military affairs
Jan 03, 2018	referred to veterans, homeland security and military affairs returned to senate died in assembly
Jun 13, 2017	referred to governmental operations delivered to assembly passed senate
May 17, 2017	advanced to third reading
May 16, 2017	2nd report cal.
May 15, 2017	1st report cal.928
May 08, 2017	referred to veterans, homeland security and military affairs

Votes

- Jun 13, 2017 - Floor Vote
  S5946A
  
  63
  
  Aye
  
  0
  
  Nay
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Floor Vote: Jun 13, 2017
      
      aye (63)
      
      Addabbo Jr.
      
      Akshar
      
      Alcantara
      
      Amedore
      
      Avella
      
      Bailey
      
      Benjamin
      
      Bonacic
      
      Boyle
      
      Breslin
      
      Brooks
      
      Carlucci
      
      Comrie
      
      Croci
      
      DeFrancisco
      
      Diaz
      
      Dilan
      
      Felder
      
      Flanagan
      
      Funke
      
      Gallivan
      
      Gianaris
      
      Golden
      
      Griffo
      
      Hamilton
      
      Hannon
      
      Helming
      
      Hoylman-Sigal
      
      Jacobs
      
      Kaminsky
      
      Kennedy
      
      Klein
      
      Krueger
      
      LaValle
      
      Lanza
      
      Larkin
      
      Latimer
      
      Little
      
      Marcellino
      
      Marchione
      
      Montgomery
      
      Murphy
      
      O'Mara
      
      Ortt
      
      Parker
      
      Peralta
      
      Persaud
      
      Phillips
      
      Ranzenhofer
      
      Ritchie
      
      Rivera
      
      Robach
      
      Sanders Jr.
      
      Savino
      
      Serino
      
      Serrano
      
      Seward
      
      Squadron
      
      Stavisky
      
      Stewart-Cousins
      
      Tedisco
      
      Valesky
      
      Young
  Jan 22, 2018 - Veterans, Homeland Security And Military Affairs Committee Vote
  S5946A
  
  12
  
  Aye
  
  0
  
  Nay
  
  1
  
  Aye with Reservations
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Veterans, Homeland Security And Military Affairs Committee Vote: Jan 22, 2018
      
      aye (12)
      
      Addabbo Jr.
      
      Amedore
      
      Carlucci
      
      Comrie
      
      Croci
      
      Felder
      
      Golden
      
      Jacobs
      
      Kaminsky
      
      Larkin
      
      Marchione
      
      Ortt
      
      aye wr (1)
      
      Sanders Jr.
  May 15, 2017 - Veterans, Homeland Security And Military Affairs Committee Vote
  S5946A
  
  13
  
  Aye
  
  0
  
  Nay
  
  0
  
  Aye with Reservations
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Veterans, Homeland Security And Military Affairs Committee Vote: May 15, 2017
      
      aye (13)
      
      Addabbo Jr.
      
      Amedore
      
      Carlucci
      
      Comrie
      
      Croci
      
      Felder
      
      Golden
      
      Jacobs
      
      Kaminsky
      
      Larkin
      
      Marchione
      
      Ortt
      
      Sanders Jr.

Bill Amendments

Original

A (Active)

2017-S5946 - Details

See Assembly Version of this Bill:: A8501
Current Committee:: Senate Finance
Law Section:: Executive Law
Laws Affected:: Add §719, Exec L
Versions Introduced in 2019-2020 Legislative Session:: A291

2017-S5946 - Summary

Directs the commissioner of the division of homeland security and emergency services to work with other experts who maintain experience and knowledge in the area of cyber security to develop a cyber security action plan for New York state.

2017-S5946 - Sponsor Memo

                                 BILL NUMBER:  S5946

 TITLE OF BILL :

An act to amend the executive law, in relation to a cyber security
action plan

 PURPOSE :

To develop a cyber security action plan that will create a
comprehensive and effective strategy to provide meaningful cyber
security for New York, its state agencies, its public authorities, its
assets, its infrastructure, its local governments, its private sector
businesses, its not-for-profit corporations and individuals.

 SUMMARY OF SPECIFIC PROVISIONS :

Section one amends the executive law by adding a new section 719,
requiring the development of a cyber security action plan, with
findings and recommendations to be reported to the Legislature and the
Governor.

The team comprising the cyber security action plan, will make
recommendations regarding the establishment of a new state office of
cyber security. They will also make recommendations to create, within
the new office of cyber security, a cyber security defense unit, cyber

incident response teams, and a cyber education and attack prevention
unit. This section also requires the state office to submit an annual
report and permits the division of homeland security and emergency
services to charge non-governmental entities for the reasonable cost
of services.

Section two is the effective date.

 JUSTIFICATION :

According to such entities as the United States Department of Homeland
Security, Interpol and the New York State White Collar Crime Task
Force, cybercrime is a pervasive and rapidly expanding threat. New
York state is particularly at risk to cybercrime due to its status as
a global hub of international business and commerce. As, most major
national and international banks, insurance companies and brokerage
houses also have headquarters or a significant presence within the
state, such present a particularly attractive target to those who wish
to engage in cyber crime or cyber terrorism.

Through the development of a cyber security action plan, the state of
New York can adequately and effectively prevent, respond to, and
recover from cyber attacks. Each of the units and teams established
pursuant to the cyber security action plan will maintain critical
roles in providing cyber security for the state. The defense unit and
response teams will be assigned the mission of using and developing
software, hardware and protocols to prevent unauthorized invasions,
hacking and attacks, and develop response activities, procedures, and
protocols to any such invasion or attack on any state computer network
or system. In addition, the mission of the response teams will be to
respond to and assist the targeted entity in the recovery from a cyber
attack. The education and prevention unit will help educate
governmental and non-governmental entities through instruction,
informational programs, and/or instructional or informational
material. This bill will significantly diminish current cyber
vulnerabilities within the state and effectively prepare entities
against cyber attacks.

 PRIOR LEGISLATIVE HISTORY :

New Bill.

 FISCAL IMPLICATIONS :

To be determined.

 EFFECTIVE DATE :
This act shall take effect immediately.

2017-S5946 - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   5946
 
                        2017-2018 Regular Sessions
 
                             I N  S E N A T E
 
                                May 8, 2017
                                ___________
 
 Introduced  by  Sen.  CROCI  -- read twice and ordered printed, and when
   printed to be committed to the Committee on Veterans, Homeland Securi-
   ty and Military Affairs
 
 AN ACT to amend the executive law,  in  relation  to  a  cyber  security
   action plan
 
   THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1.  The executive law is amended by adding a new  section  719
 to read as follows:
   §  719. CYBER SECURITY. 1. CYBER SECURITY ACTION PLAN. THE COMMISSION-
 ER, IN CONSULTATION WITH THE CHIEF INFORMATION OFFICER OF THE OFFICE  OF
 INFORMATION  TECHNOLOGY, THE SUPERINTENDENT OF STATE POLICE, THE COMMIS-
 SIONER OF GENERAL SERVICES, THE SUPERINTENDENT  OF  FINANCIAL  SERVICES,
 THE  OFFICE  OF  THE  STATE COMPTROLLER, AND SUCH OTHER EXPERTS FROM THE
 PUBLIC, PRIVATE AND NOT-FOR-PROFIT SECTORS WHO MAINTAIN  EXPERIENCE  AND
 KNOWLEDGE  IN  THE  AREA  OF  CYBER  SECURITY  AS THE COMMISSIONER DEEMS
 PRUDENT, SHALL DEVELOP A CYBER SECURITY ACTION PLAN FOR NEW YORK  STATE.
 THE  PLAN SHALL MAKE RECOMMENDATIONS TO THE GOVERNOR AND THE LEGISLATURE
 REGARDING THE ESTABLISHMENT OF A NEW STATE  OFFICE  OF  CYBER  SECURITY,
 UNDER  THE  COMMAND AND CONTROL OF THE COMMISSIONER AND WITHIN THE DIVI-
 SION, INCLUDING IDENTIFYING SUCH BUREAUS,  RESPONSIBILITIES  AND  DUTIES
 THAT  SHOULD  BE  CONTAINED AND PERFORMED WITHIN SUCH OFFICE, THE BUDGET
 AND PERSONNEL NECESSARY TO ESTABLISH SUCH OFFICE, AND THE SITE LOCATIONS
 AT WHICH SUCH OFFICE SHOULD BE SITUATED. THE PURPOSE OF THE  PLAN  SHALL
 BE TO DEVELOP A COMPREHENSIVE AND EFFECTIVE STRATEGY TO PROVIDE MEANING-
 FUL  CYBER  SECURITY  FOR THE STATE OF NEW YORK, ITS STATE AGENCIES, ITS
 PUBLIC AUTHORITIES, ITS ASSETS, ITS INFRASTRUCTURE,  ITS  LOCAL  GOVERN-
 MENTS,  AND  ITS  PRIVATE SECTOR BUSINESSES, NOT-FOR-PROFIT CORPORATIONS
 AND INDIVIDUALS.
   2. CYBER SECURITY DEFENSE UNIT. THE CYBER SECURITY ACTION PLAN  ESTAB-
 LISHED  PURSUANT  TO  SUBDIVISION ONE OF THIS SECTION SHALL FURTHER MAKE
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.

                                                            LBD11004-01-7

 S. 5946                             2
 
 RECOMMENDATIONS TO THE GOVERNOR AND THE LEGISLATURE  ON  THE  ESTABLISH-
 MENT,  WITHIN  THE OFFICE OF CYBER SECURITY, OF A CYBER SECURITY DEFENSE
 UNIT. THE CYBER SECURITY ACTION PLAN SHALL DETAIL HOW THE CYBER SECURITY
 DEFENSE  UNIT,  WOULD  CONSIST OF SUCH PERSONS AS THE COMMISSIONER DEEMS
 NECESSARY TO PERFORM ITS MISSION. THE CYBER SECURITY ACTION  PLAN  SHALL
 FURTHER DETAIL THE MISSION OF THE CYBER SECURITY DEFENSE UNIT, WITH SUCH
 MISSION  BEING  TO  HELP  PREVENT,  RESPOND  TO,  AND RECOVER FROM CYBER
 ATTACKS TARGETED AGAINST THE STATE, ITS ASSETS, AND ITS  INFRASTRUCTURE,
 TOGETHER  WITH SUCH OTHER AND FURTHER DUTIES AND RESPONSIBILITIES AS THE
 CYBER SECURITY ACTION PLAN MAY ADDITIONALLY PRESCRIBE.  THE CYBER  SECU-
 RITY  ACTION  PLAN  SHALL FURTHER DETAIL THAT THE PERSONNEL OF THE CYBER
 SECURITY DEFENSE UNIT MUST BE EXPERT IN COMPUTER AND  PROGRAMMING  TECH-
 NOLOGY  SO  AS  TO PREVENT AND RESPOND TO UNAUTHORIZED INVASION, HACKING
 AND ATTACKS AGAINST COMPUTER NETWORKS, SYSTEMS, DATABASES, AND  INFORMA-
 TION  STORAGE.  THE  CYBER SECURITY ACTION PLAN SHALL FURTHER DETAIL HOW
 THE PERSONNEL OF THE CYBER SECURITY DEFENSE UNIT  MUST  HAVE  BACKGROUND
 AND  EXPERIENCE  IN  COMPUTER, SYSTEM AND NETWORK OPERATIONS AND VULNER-
 ABILITIES, PROGRAMMING CODE, DATA RECOVERY  AND  CYBER  SECURITY.    THE
 CYBER  SECURITY  ACTION PLAN SHALL ALSO PROVIDE THAT, IN ADDITION TO ANY
 OTHER TASKS THE COMMISSIONER MAY  WISH  TO  ASSIGN  THE  CYBER  SECURITY
 DEFENSE  UNIT,  THAT  SUCH  CYBER  SECURITY  DEFENSE  UNIT SHALL ALSO BE
 ASSIGNED THE MISSION OF USING AND  DEVELOPING  SOFTWARE,  HARDWARE,  AND
 PROTOCOLS  TO  PREVENT SUCH UNAUTHORIZED INVASIONS, HACKING AND ATTACKS,
 AND TO DEVELOP RESPONSE ACTIVITIES, PROCEDURES, AND PROTOCOLS TO ADDRESS
 ANY SUCH INVASION, HACKING OR ATTACK  ON  ANY  STATE  COMPUTER  NETWORK,
 SYSTEM,  DATABASE, AND/OR INFORMATION STORAGE. THE CYBER SECURITY ACTION
 PLAN SHALL FURTHER DETAIL HOW THE CYBER  SECURITY  DEFENSE  UNIT  SHOULD
 INTERACT  AND  DEPLOY  THE  USE  OF  OTHER CYBER EXPERTS, EDUCATORS, LAW
 ENFORCEMENT, INTELLIGENCE EXPERTS, AND OTHER PUBLIC AND  PRIVATE  SECTOR
 ENTITIES TO ASSIST IT IN THE PERFORMANCE OF ITS MISSION.
   3.  CYBER  INCIDENT  RESPONSE  TEAMS.  THE  CYBER SECURITY ACTION PLAN
 ESTABLISHED PURSUANT TO SUBDIVISION ONE OF THIS  SECTION  SHALL  FURTHER
 MAKE  RECOMMENDATIONS  TO THE GOVERNOR AND THE LEGISLATURE ON THE ESTAB-
 LISHMENT, WITHIN THE OFFICE OF CYBER SECURITY, OF A GROUP OF CYBER INCI-
 DENT RESPONSE TEAMS. THE CYBER SECURITY ACTION PLAN SHALL DETAIL HOW THE
 CYBER INCIDENT RESPONSE TEAMS WOULD  CONSIST  OF  SUCH  PERSONS  AS  THE
 COMMISSIONER  DEEMS NECESSARY TO PERFORM ITS MISSION. THE CYBER SECURITY
 ACTION PLAN SHALL FURTHER DETAIL  THE  MISSION  OF  THE  CYBER  INCIDENT
 RESPONSE TEAMS, WITH SUCH MISSION BEING TO HELP PREVENT, RESPOND TO, AND
 RECOVER  FROM,  CYBER  ATTACKS  TARGETED  AGAINST STATE ENTITIES, PUBLIC
 AUTHORITIES, LOCAL GOVERNMENTS, AND/OR PRIVATE SECTOR  BUSINESSES,  NOT-
 FOR-PROFIT  CORPORATIONS  AND  INDIVIDUALS, TOGETHER WITH SUCH OTHER AND
 FURTHER DUTIES AND RESPONSIBILITIES AS THE CYBER  SECURITY  ACTION  PLAN
 MAY  ADDITIONALLY  PRESCRIBE.    THE  CYBER  SECURITY  ACTION PLAN SHALL
 FURTHER DETAIL THAT THE PERSONNEL OF THE CYBER INCIDENT  RESPONSE  TEAMS
 MUST  BE  EXPERT IN COMPUTER AND PROGRAMMING TECHNOLOGY SO AS TO PREVENT
 AND RESPOND TO AN UNAUTHORIZED INVASION,  HACKING  AND  ATTACKS  AGAINST
 COMPUTER  NETWORKS,  SYSTEMS,  DATABASES,  AND  INFORMATION STORAGE. THE
 CYBER SECURITY ACTION PLAN SHALL ADDITIONALLY DETAIL HOW  THE  PERSONNEL
 OF THE CYBER INCIDENT RESPONSE TEAMS MUST HAVE BACKGROUND AND EXPERIENCE
 IN COMPUTER, SYSTEM AND NETWORK OPERATIONS AND VULNERABILITIES, PROGRAM-
 MING  CODE,  DATA RECOVERY AND CYBER SECURITY. THE CYBER SECURITY ACTION
 PLAN SHALL ALSO PROVIDE, IN ADDITION TO ANY OTHER TASKS THE COMMISSIONER
 MAY WISH TO ASSIGN THE CYBER INCIDENT RESPONSE TEAMS,  THAT  SUCH  CYBER
 INCIDENT  RESPONSE TEAMS SHALL ALSO BE ASSIGNED THE MISSION OF USING AND
 DEVELOPING SOFTWARE, HARDWARE, AND PROTOCOLS TO PREVENT  SUCH  UNAUTHOR-

 S. 5946                             3
 
 IZED INVASIONS, HACKING AND ATTACKS, AND TO DEVELOP RESPONSE ACTIVITIES,
 PROCEDURES,  AND  PROTOCOLS  TO  ADDRESS  ANY  SUCH INVASION, HACKING OR
 ATTACK ON ANY STATE COMPUTER NETWORK, SYSTEM, DATABASE, AND/OR  INFORMA-
 TION STORAGE.  THE CYBER SECURITY ACTION PLAN SHALL ALSO PROVIDE THAT IT
 WOULD  FURTHER  BE  THE  MISSION OF EACH CYBER INCIDENT RESPONSE TEAM TO
 RESPOND TO, AND HELP THE TARGETED ENTITY TO RECOVER  FROM,  CYBER  INVA-
 SION,  HACKING  AND  ATTACKS.  THE CYBER SECURITY ACTION PLAN SHALL ALSO
 PROVIDE THAT WITHIN RESOURCES AVAILABLE, THE COMMISSIONER MAY  DEPLOY  A
 CYBER  INCIDENT RESPONSE TEAM TO A STATE ENTITY, PUBLIC AUTHORITY, LOCAL
 GOVERNMENT, PRIVATE SECTOR BUSINESS, OR NOT-FOR-PROFIT CORPORATION  THAT
 HAS  EXPERIENCED  A CYBER ATTACK, TO PROMOTE AND ASSIST IN SUCH ENTITY'S
 RESPONSE AND RECOVERY EFFORTS. THE  CYBER  SECURITY  ACTION  PLAN  SHALL
 FURTHER  DETAIL HOW THE CYBER INCIDENT RESPONSE TEAM SHOULD INTERACT AND
 DEPLOY THE USE OF  OTHER  CYBER  EXPERTS,  EDUCATORS,  LAW  ENFORCEMENT,
 INTELLIGENCE  EXPERTS,  AND  OTHER PUBLIC AND PRIVATE SECTOR ENTITIES TO
 ASSIST THEM IN THE PERFORMANCE OF THEIR MISSION.
   4. CYBER EDUCATION AND ATTACK PREVENTION. THE  CYBER  SECURITY  ACTION
 PLAN  ESTABLISHED  PURSUANT  TO  SUBDIVISION  ONE  OF THIS SECTION SHALL
 FURTHER MAKE RECOMMENDATIONS TO THE GOVERNOR AND THE LEGISLATURE ON  THE
 ESTABLISHMENT, WITHIN THE OFFICE OF CYBER SECURITY, OF A CYBER EDUCATION
 AND ATTACK PREVENTION UNIT TO ASSIST STATE AGENCIES, PUBLIC AUTHORITIES,
 LOCAL  GOVERNMENTS,  AND/OR  PRIVATE  SECTOR  BUSINESSES, NOT-FOR-PROFIT
 CORPORATIONS AND INDIVIDUALS.  THE  CYBER  SECURITY  ACTION  PLAN  SHALL
 DETAIL  HOW THE CYBER EDUCATION AND ATTACK PREVENTION UNIT WOULD CONSIST
 OF SUCH PERSONS AS THE  COMMISSIONER  DEEMS  NECESSARY  TO  PERFORM  ITS
 MISSION. THE CYBER SECURITY ACTION PLAN SHALL FURTHER DETAIL THE MISSION
 OF  THE  CYBER  EDUCATION  AND ATTACK PREVENTION UNIT, WITH SUCH MISSION
 BEING TO HELP EDUCATE STATE AGENCIES, PUBLIC AUTHORITIES, LOCAL  GOVERN-
 MENTS, AND/OR PRIVATE SECTOR BUSINESSES, NOT-FOR-PROFIT CORPORATIONS AND
 INDIVIDUALS  ON  HOW  TO PREVENT AND RESPOND TO A CYBER ATTACK, TOGETHER
 WITH SUCH OTHER AND FURTHER DUTIES AND  RESPONSIBILITIES  AS  THE  CYBER
 SECURITY  ACTION  PLAN  MAY  ADDITIONALLY  PRESCRIBE. THE CYBER SECURITY
 ACTION PLAN SHALL FURTHER DETAIL THAT THE COMMISSIONER MAY DEPLOY WITHIN
 RESOURCES AVAILABLE THE CYBER EDUCATION AND ATTACK  PREVENTION  UNIT  TO
 STATE  AGENCIES,  PUBLIC  AUTHORITIES, LOCAL GOVERNMENTS, PRIVATE SECTOR
 BUSINESSES,  AND/OR  NOT-FOR-PROFIT  CORPORATIONS,  TO  EDUCATE   AND/OR
 INSTRUCT  SUCH  ENTITIES,  HOLD  INFORMATIONAL  PROGRAMS, AND/OR PROVIDE
 INSTRUCTIONAL OR INFORMATIONAL MATERIALS. THE CYBER SECURITY ACTION PLAN
 SHALL FURTHER DETAIL HOW THE CYBER EDUCATION AND ATTACK PREVENTION  UNIT
 SHOULD  INTERACT  AND  DEPLOY THE USE OF OTHER CYBER EXPERTS, EDUCATORS,
 LAW ENFORCEMENT, INTELLIGENCE EXPERTS,  AND  OTHER  PUBLIC  AND  PRIVATE
 SECTOR ENTITIES TO ASSIST IT IN THE PERFORMANCE OF ITS MISSION.
   5.  REPORTING OF CYBER ENTITIES. THE CYBER SECURITY ACTION PLAN ESTAB-
 LISHED PURSUANT TO SUBDIVISION ONE OF THIS SECTION  SHALL  FURTHER  MAKE
 RECOMMENDATIONS  ON THE REPORTING OF THE NEW STATE OFFICE OF CYBER SECU-
 RITY. THE CYBER SECURITY ACTION PLAN SHALL  FURTHER  REQUIRE  THAT  SUCH
 REPORTING SHOULD CONTAIN A REQUIREMENT THAT ON OR BEFORE DECEMBER FIRST,
 TWO  THOUSAND EIGHTEEN, AND THEN EVERY YEAR THEREAFTER, THAT THE COMMIS-
 SIONER SHALL SUBMIT A REPORT TO THE GOVERNOR, THE SPEAKER OF THE  ASSEM-
 BLY,  THE  TEMPORARY  PRESIDENT  OF  THE SENATE, THE CHAIR OF THE SENATE
 STANDING COMMITTEE ON VETERANS, HOMELAND SECURITY AND MILITARY  AFFAIRS,
 AND  THE  CHAIR OF THE ASSEMBLY STANDING COMMITTEE ON GOVERNMENTAL OPER-
 ATIONS, WHICH PROVIDES A COMPREHENSIVE REVIEW DETAILING ALL  THE  ACTIV-
 ITIES AND OPERATIONS OF THE OFFICE OF CYBER SECURITY, THE CYBER SECURITY
 DEFENSE  UNIT, THE CYBER INCIDENT RESPONSE TEAMS AND THE CYBER EDUCATION
 AND ATTACK PREVENTION UNIT, DURING THE PAST  YEAR.  THE  CYBER  SECURITY

 S. 5946                             4
 
 ACTION  PLAN  SHALL  FURTHER  PROVIDE  THAT WHERE COMPLIANCE WITH SUCH A
 REPORT WOULD REQUIRE THE DISCLOSURE OF CONFIDENTIAL INFORMATION, OR  THE
 DISCLOSURE  OF  SENSITIVE  INFORMATION  WHICH  IN  THE  JUDGEMENT OF THE
 COMMISSIONER WOULD JEOPARDIZE THE CYBER SECURITY OF THE STATE, THEN SUCH
 CONFIDENTIAL  OR  SENSITIVE INFORMATION SHALL BE PROVIDED TO THE PERSONS
 ENTITLED TO RECEIVE THE REPORT, IN THE FORM OF A  SUPPLEMENTAL  APPENDIX
 TO  THE REPORT, AND THAT SUCH SUPPLEMENTAL APPENDIX TO THE REPORT, SHALL
 NOT BE SUBJECT TO THE PROVISIONS  OF  THE  FREEDOM  OF  INFORMATION  LAW
 PURSUANT  TO  ARTICLE  SIX  OF THE PUBLIC OFFICERS LAW, AND ALTHOUGH THE
 PERSONS ENTITLED TO RECEIVE THE REPORT  MAY  DISCLOSE  THE  SUPPLEMENTAL
 APPENDIX  TO  THE  REPORT  TO  THEIR  PROFESSIONAL STAFF, THEY SHALL NOT
 OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR SECURE INFORMATION. THE
 CYBER SECURITY ACTION PLAN SHALL FURTHER PROVIDE THAT, EXCEPT  WITH  THE
 RESPECT  TO  ANY  CONFIDENTIAL OR SENSITIVE INFORMATION CONTAINED IN THE
 SUPPLEMENTAL APPENDIX TO THE REPORT, THE COMMISSIONER SHALL DIRECT  THAT
 A COPY OF THE REPORT SHALL BE POSTED ON THE DIVISION'S WEBSITE, NOT MORE
 THAN FIFTEEN DAYS AFTER SUCH REPORT IS DELIVERED TO THE PERSONS ENTITLED
 TO  RECEIVE  SUCH  REPORT. THE CYBER SECURITY ACTION PLAN SHOULD FURTHER
 PROVIDE THAT THE DIVISION MAY FURTHER POST ANY AND ALL ADDITIONAL INFOR-
 MATION IT MAY DEEM APPROPRIATE, ON ITS WEBSITE, REGARDING CYBER  SECURI-
 TY, AND THE PROTECTION OF PUBLIC AND PRIVATE COMPUTER SYSTEMS, NETWORKS,
 HARDWARE AND SOFTWARE.
   6.  REIMBURSEMENT FOR COST OF SERVICE.  THE CYBER SECURITY ACTION PLAN
 ESTABLISHED PURSUANT TO SUBDIVISION ONE OF THIS  SECTION  SHALL  FURTHER
 MAKE  RECOMMENDATIONS  WITH RESPECT TO THE DIVISION CHARGING NON-GOVERN-
 MENTAL ENTITIES FOR THE REASONABLE COST OF THE SERVICES PROVIDED BY  THE
 CYBER  SECURITY  INCIDENT  RESPONSE  TEAMS  AND  THE CYBER EDUCATION AND
 ATTACK PREVENTION UNIT.  THE CYBER SECURITY ACTION  PLAN  SHALL  FURTHER
 DETAIL HOW THE PROCEEDS FROM THE CHARGING FOR SUCH COSTS SHALL BE DEPOS-
 ITED  WITH  THE STATE COMPTROLLER INTO A CYBER SECURITY SUPPORT SERVICES
 ACCOUNT, OF WHICH THE COMPTROLLER WOULD HAVE CUSTODY. THE CYBER SECURITY
 ACTION PLAN SHALL ADDITIONALLY DETAIL HOW THE COMPTROLLER  MAY  DISBURSE
 MONIES HELD IN SUCH CYBER SECURITY ACCOUNT FOR THE PURPOSES OF PROVIDING
 SUPPLEMENTAL  FUNDS  FOR  THE OPERATION OF THE NEW STATE OFFICE OF CYBER
 SECURITY.
   7. TIMING OF CYBER SECURITY  ACTION  PLAN.  THE  COMMISSIONER,  ON  OR
 BEFORE  DECEMBER FIRST, TWO THOUSAND SEVENTEEN, SHALL  DELIVER A COPY OF
 THE CYBER SECURITY ACTION PLAN REQUIRED TO BE PRODUCED BY THIS  SECTION,
 TO  THE  THE GOVERNOR, THE SPEAKER OF THE ASSEMBLY, THE TEMPORARY PRESI-
 DENT OF THE SENATE, THE CHAIR OF THE SENATE STANDING COMMITTEE ON VETER-
 ANS, HOMELAND SECURITY AND MILITARY AFFAIRS, AND THE CHAIR OF THE ASSEM-
 BLY STANDING COMMITTEE ON GOVERNMENTAL OPERATIONS.
   § 2. This act shall take effect immediately.

co-Sponsors

2017-S5946A (ACTIVE) - Details

See Assembly Version of this Bill:: A8501
Current Committee:: Senate Finance
Law Section:: Executive Law
Laws Affected:: Add §719, Exec L
Versions Introduced in 2019-2020 Legislative Session:: A291

2017-S5946A (ACTIVE) - Summary

2017-S5946A (ACTIVE) - Sponsor Memo

                                
 
BILL NUMBER: S5946A

SPONSOR: CROCI
 
TITLE OF BILL:

An act to amend the executive law, in relation to a cyber security
action plan

 
PURPOSE:

To develop a cyber security action plan that will create a comprehensive
and effective strategy to provide meaningful cyber security for New
York, its state agencies, its public authorities, its assets, its
infrastructure, its local governments, its private sector businesses,
its not-for-profit corporations and individuals.

 
SUMMARY OF SPECIFIC PROVISIONS:

Section one amends the executive law by adding a new section 719,
requiring the development of a cyber security action plan, with findings
and recommendations to be reported to the Legislature and the Governor.

The team comprising the cyber security action plan, will make recommen-
dations regarding the establishment of a new state office of cyber secu-
rity. They will also make recommendations to create, within the new
office of cyber security, a cyber security defense unit, cyber incident
response teams, and a cyber education and attack prevention unit. This
section also requires the state office to submit an annual report and
permits the division of homeland security and emergency services to
charge non-governmental entities for the reasonable cost of services.

Section two is the effective date.

 
JUSTIFICATION:

According to such entities as the United States Department of Homeland
Security, Interpol and the New York State White Collar Crime Task Force,
cybercrime is a pervasive and rapidly expanding threat. New York state
is particularly at risk to cybercrime due to its status as a global hub
of international business and commerce. As, most major national and
international banks, insurance companies and brokerage houses also have
headquarters or a significant presence within the state, such present a
particularly attractive target to those who wish to engage in cyber
crime or cyber terrorism.

Through the development of a cyber security action plan, the state of
New York can adequately and effectively prevent, respond to, and recover
from cyber attacks. Each of the units and teams established pursuant to
the cyber security action plan will maintain critical roles in providing
cyber security for the state. The defense unit and response teams will
be assigned the mission of using and developing software, hardware and
protocols to prevent unauthorized invasions, hacking and attacks, and
develop response activities, procedures, and protocols to any such inva-
sion or attack on any state computer network or system. In addition, the
mission of the response teams will be to respond to and assist the
targeted entity in the recovery from a cyber attack. The education and
prevention unit will help educate governmental and non-governmental
entities through instruction, informational programs, and/or instruc-
tional or informational material. This bill will significantly diminish
current cyber vulnerabilities within the state and effectively prepare
entities against cyber attacks.

 
PRIOR LEGISLATIVE HISTORY:

New Bill.

 
FISCAL IMPLICATIONS:

To be determined.

 
EFFECTIVE DATE:
This act shall take effect immediately.

2017-S5946A (ACTIVE) - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                  5946--A
 
                        2017-2018 Regular Sessions
 
                             I N  S E N A T E
 
                                May 8, 2017
                                ___________
 
 Introduced  by  Sen.  CROCI  -- read twice and ordered printed, and when
   printed to be committed to the Committee on Veterans, Homeland Securi-
   ty and Military Affairs -- recommitted to the Committee  on  Veterans,
   Homeland  Security and Military Affairs in accordance with Senate Rule
   6, sec. 8 -- committee discharged, bill amended, ordered reprinted  as
   amended and recommitted to said committee
 
 AN  ACT  to  amend  the  executive  law, in relation to a cyber security
   action plan
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.   The executive law is amended by adding a new section 719
 to read as follows:
   § 719. CYBER SECURITY. 1. CYBER SECURITY ACTION PLAN. THE  COMMISSION-
 ER,  IN CONSULTATION WITH THE CHIEF INFORMATION OFFICER OF THE OFFICE OF
 INFORMATION TECHNOLOGY, THE SUPERINTENDENT OF STATE POLICE, THE  COMMIS-
 SIONER  OF  GENERAL  SERVICES, THE SUPERINTENDENT OF FINANCIAL SERVICES,
 THE OFFICE OF THE STATE COMPTROLLER, AND SUCH  OTHER  EXPERTS  FROM  THE
 PUBLIC,  PRIVATE  AND NOT-FOR-PROFIT SECTORS WHO MAINTAIN EXPERIENCE AND
 KNOWLEDGE IN THE AREA  OF  CYBER  SECURITY  AS  THE  COMMISSIONER  DEEMS
 PRUDENT,  SHALL DEVELOP A CYBER SECURITY ACTION PLAN FOR NEW YORK STATE.
 THE PLAN SHALL MAKE RECOMMENDATIONS TO THE GOVERNOR AND THE  LEGISLATURE
 REGARDING  THE  ESTABLISHMENT  OF  A NEW STATE OFFICE OF CYBER SECURITY,
 UNDER THE COMMAND AND CONTROL OF THE COMMISSIONER AND WITHIN  THE  DIVI-
 SION,  INCLUDING  IDENTIFYING  SUCH BUREAUS, RESPONSIBILITIES AND DUTIES
 THAT SHOULD BE CONTAINED AND PERFORMED WITHIN SUCH  OFFICE,  THE  BUDGET
 AND PERSONNEL NECESSARY TO ESTABLISH SUCH OFFICE, AND THE SITE LOCATIONS
 AT  WHICH  SUCH OFFICE SHOULD BE SITUATED. THE PURPOSE OF THE PLAN SHALL
 BE TO DEVELOP A COMPREHENSIVE AND EFFECTIVE STRATEGY TO PROVIDE MEANING-
 FUL CYBER SECURITY FOR THE STATE OF NEW YORK, ITS  STATE  AGENCIES,  ITS
 PUBLIC  AUTHORITIES,  ITS  ASSETS, ITS INFRASTRUCTURE, ITS LOCAL GOVERN-
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD11004-02-8

 S. 5946--A                          2
 
 MENTS, AND ITS PRIVATE SECTOR  BUSINESSES,  NOT-FOR-PROFIT  CORPORATIONS
 AND INDIVIDUALS.
   2.  CYBER SECURITY DEFENSE UNIT. THE CYBER SECURITY ACTION PLAN ESTAB-
 LISHED PURSUANT TO SUBDIVISION ONE OF THIS SECTION  SHALL  FURTHER  MAKE
 RECOMMENDATIONS  TO  THE  GOVERNOR AND THE LEGISLATURE ON THE ESTABLISH-
 MENT, WITHIN THE OFFICE OF CYBER SECURITY, OF A CYBER  SECURITY  DEFENSE
 UNIT. THE CYBER SECURITY ACTION PLAN SHALL DETAIL HOW THE CYBER SECURITY
 DEFENSE  UNIT,  WOULD  CONSIST OF SUCH PERSONS AS THE COMMISSIONER DEEMS
 NECESSARY TO PERFORM ITS MISSION. THE CYBER SECURITY ACTION  PLAN  SHALL
 FURTHER DETAIL THE MISSION OF THE CYBER SECURITY DEFENSE UNIT, WITH SUCH
 MISSION  BEING  TO  HELP  PREVENT,  RESPOND  TO,  AND RECOVER FROM CYBER
 ATTACKS TARGETED AGAINST THE STATE, ITS ASSETS, AND ITS  INFRASTRUCTURE,
 TOGETHER  WITH SUCH OTHER AND FURTHER DUTIES AND RESPONSIBILITIES AS THE
 CYBER SECURITY ACTION PLAN MAY ADDITIONALLY PRESCRIBE.  THE CYBER  SECU-
 RITY  ACTION  PLAN  SHALL FURTHER DETAIL THAT THE PERSONNEL OF THE CYBER
 SECURITY DEFENSE UNIT MUST BE EXPERT IN COMPUTER AND  PROGRAMMING  TECH-
 NOLOGY  SO  AS  TO PREVENT AND RESPOND TO UNAUTHORIZED INVASION, HACKING
 AND ATTACKS AGAINST COMPUTER NETWORKS, SYSTEMS, DATABASES, AND  INFORMA-
 TION  STORAGE.  THE  CYBER SECURITY ACTION PLAN SHALL FURTHER DETAIL HOW
 THE PERSONNEL OF THE CYBER SECURITY DEFENSE UNIT  MUST  HAVE  BACKGROUND
 AND  EXPERIENCE  IN  COMPUTER, SYSTEM AND NETWORK OPERATIONS AND VULNER-
 ABILITIES, PROGRAMMING CODE, DATA RECOVERY  AND  CYBER  SECURITY.    THE
 CYBER  SECURITY  ACTION PLAN SHALL ALSO PROVIDE THAT, IN ADDITION TO ANY
 OTHER TASKS THE COMMISSIONER MAY  WISH  TO  ASSIGN  THE  CYBER  SECURITY
 DEFENSE  UNIT,  THAT  SUCH  CYBER  SECURITY  DEFENSE  UNIT SHALL ALSO BE
 ASSIGNED THE MISSION OF USING AND  DEVELOPING  SOFTWARE,  HARDWARE,  AND
 PROTOCOLS  TO  PREVENT SUCH UNAUTHORIZED INVASIONS, HACKING AND ATTACKS,
 AND TO DEVELOP RESPONSE ACTIVITIES, PROCEDURES, AND PROTOCOLS TO ADDRESS
 ANY SUCH INVASION, HACKING OR ATTACK  ON  ANY  STATE  COMPUTER  NETWORK,
 SYSTEM,  DATABASE, AND/OR INFORMATION STORAGE. THE CYBER SECURITY ACTION
 PLAN SHALL FURTHER DETAIL HOW THE CYBER  SECURITY  DEFENSE  UNIT  SHOULD
 INTERACT  AND  DEPLOY  THE  USE  OF  OTHER CYBER EXPERTS, EDUCATORS, LAW
 ENFORCEMENT, INTELLIGENCE EXPERTS, AND OTHER PUBLIC AND  PRIVATE  SECTOR
 ENTITIES TO ASSIST IT IN THE PERFORMANCE OF ITS MISSION.
   3.  CYBER  INCIDENT  RESPONSE  TEAMS.  THE  CYBER SECURITY ACTION PLAN
 ESTABLISHED PURSUANT TO SUBDIVISION ONE OF THIS  SECTION  SHALL  FURTHER
 MAKE  RECOMMENDATIONS  TO THE GOVERNOR AND THE LEGISLATURE ON THE ESTAB-
 LISHMENT, WITHIN THE OFFICE OF CYBER SECURITY, OF A GROUP OF CYBER INCI-
 DENT RESPONSE TEAMS. THE CYBER SECURITY ACTION PLAN SHALL DETAIL HOW THE
 CYBER INCIDENT RESPONSE TEAMS WOULD  CONSIST  OF  SUCH  PERSONS  AS  THE
 COMMISSIONER  DEEMS NECESSARY TO PERFORM ITS MISSION. THE CYBER SECURITY
 ACTION PLAN SHALL FURTHER DETAIL  THE  MISSION  OF  THE  CYBER  INCIDENT
 RESPONSE TEAMS, WITH SUCH MISSION BEING TO HELP PREVENT, RESPOND TO, AND
 RECOVER  FROM,  CYBER  ATTACKS  TARGETED  AGAINST STATE ENTITIES, PUBLIC
 AUTHORITIES, LOCAL GOVERNMENTS, AND/OR PRIVATE SECTOR  BUSINESSES,  NOT-
 FOR-PROFIT  CORPORATIONS  AND  INDIVIDUALS, TOGETHER WITH SUCH OTHER AND
 FURTHER DUTIES AND RESPONSIBILITIES AS THE CYBER  SECURITY  ACTION  PLAN
 MAY  ADDITIONALLY  PRESCRIBE.    THE  CYBER  SECURITY  ACTION PLAN SHALL
 FURTHER DETAIL THAT THE PERSONNEL OF THE CYBER INCIDENT  RESPONSE  TEAMS
 MUST  BE  EXPERT IN COMPUTER AND PROGRAMMING TECHNOLOGY SO AS TO PREVENT
 AND RESPOND TO AN UNAUTHORIZED INVASION,  HACKING  AND  ATTACKS  AGAINST
 COMPUTER  NETWORKS,  SYSTEMS,  DATABASES,  AND  INFORMATION STORAGE. THE
 CYBER SECURITY ACTION PLAN SHALL ADDITIONALLY DETAIL HOW  THE  PERSONNEL
 OF THE CYBER INCIDENT RESPONSE TEAMS MUST HAVE BACKGROUND AND EXPERIENCE
 IN COMPUTER, SYSTEM AND NETWORK OPERATIONS AND VULNERABILITIES, PROGRAM-
 MING  CODE,  DATA RECOVERY AND CYBER SECURITY. THE CYBER SECURITY ACTION

 S. 5946--A                          3
 
 PLAN SHALL ALSO PROVIDE, IN ADDITION TO ANY OTHER TASKS THE COMMISSIONER
 MAY WISH TO ASSIGN THE CYBER INCIDENT RESPONSE TEAMS,  THAT  SUCH  CYBER
 INCIDENT  RESPONSE TEAMS SHALL ALSO BE ASSIGNED THE MISSION OF USING AND
 DEVELOPING  SOFTWARE,  HARDWARE, AND PROTOCOLS TO PREVENT SUCH UNAUTHOR-
 IZED INVASIONS, HACKING AND ATTACKS, AND TO DEVELOP RESPONSE ACTIVITIES,
 PROCEDURES, AND PROTOCOLS TO  ADDRESS  ANY  SUCH  INVASION,  HACKING  OR
 ATTACK  ON ANY STATE COMPUTER NETWORK, SYSTEM, DATABASE, AND/OR INFORMA-
 TION STORAGE.  THE CYBER SECURITY ACTION PLAN SHALL ALSO PROVIDE THAT IT
 WOULD FURTHER BE THE MISSION OF EACH CYBER  INCIDENT  RESPONSE  TEAM  TO
 RESPOND  TO,  AND  HELP THE TARGETED ENTITY TO RECOVER FROM, CYBER INVA-
 SION, HACKING AND ATTACKS. THE CYBER SECURITY  ACTION  PLAN  SHALL  ALSO
 PROVIDE  THAT  WITHIN RESOURCES AVAILABLE, THE COMMISSIONER MAY DEPLOY A
 CYBER INCIDENT RESPONSE TEAM TO A STATE ENTITY, PUBLIC AUTHORITY,  LOCAL
 GOVERNMENT,  PRIVATE SECTOR BUSINESS, OR NOT-FOR-PROFIT CORPORATION THAT
 HAS EXPERIENCED A CYBER ATTACK, TO PROMOTE AND ASSIST IN  SUCH  ENTITY'S
 RESPONSE  AND  RECOVERY  EFFORTS.  THE  CYBER SECURITY ACTION PLAN SHALL
 FURTHER DETAIL HOW THE CYBER INCIDENT RESPONSE TEAM SHOULD INTERACT  AND
 DEPLOY  THE  USE  OF  OTHER  CYBER  EXPERTS, EDUCATORS, LAW ENFORCEMENT,
 INTELLIGENCE EXPERTS, AND OTHER PUBLIC AND PRIVATE  SECTOR  ENTITIES  TO
 ASSIST THEM IN THE PERFORMANCE OF THEIR MISSION.
   4.  CYBER  EDUCATION  AND ATTACK PREVENTION. THE CYBER SECURITY ACTION
 PLAN ESTABLISHED PURSUANT TO  SUBDIVISION  ONE  OF  THIS  SECTION  SHALL
 FURTHER  MAKE RECOMMENDATIONS TO THE GOVERNOR AND THE LEGISLATURE ON THE
 ESTABLISHMENT, WITHIN THE OFFICE OF CYBER SECURITY, OF A CYBER EDUCATION
 AND ATTACK PREVENTION UNIT TO ASSIST STATE AGENCIES, PUBLIC AUTHORITIES,
 LOCAL GOVERNMENTS,  AND/OR  PRIVATE  SECTOR  BUSINESSES,  NOT-FOR-PROFIT
 CORPORATIONS  AND  INDIVIDUALS.  THE  CYBER  SECURITY  ACTION PLAN SHALL
 DETAIL HOW THE CYBER EDUCATION AND ATTACK PREVENTION UNIT WOULD  CONSIST
 OF  SUCH  PERSONS  AS  THE  COMMISSIONER  DEEMS NECESSARY TO PERFORM ITS
 MISSION. THE CYBER SECURITY ACTION PLAN SHALL FURTHER DETAIL THE MISSION
 OF THE CYBER EDUCATION AND ATTACK PREVENTION  UNIT,  WITH  SUCH  MISSION
 BEING  TO HELP EDUCATE STATE AGENCIES, PUBLIC AUTHORITIES, LOCAL GOVERN-
 MENTS, AND/OR PRIVATE SECTOR BUSINESSES, NOT-FOR-PROFIT CORPORATIONS AND
 INDIVIDUALS ON HOW TO PREVENT AND RESPOND TO A  CYBER  ATTACK,  TOGETHER
 WITH  SUCH  OTHER  AND  FURTHER DUTIES AND RESPONSIBILITIES AS THE CYBER
 SECURITY ACTION PLAN MAY  ADDITIONALLY  PRESCRIBE.  THE  CYBER  SECURITY
 ACTION PLAN SHALL FURTHER DETAIL THAT THE COMMISSIONER MAY DEPLOY WITHIN
 RESOURCES  AVAILABLE  THE  CYBER EDUCATION AND ATTACK PREVENTION UNIT TO
 STATE AGENCIES, PUBLIC AUTHORITIES, LOCAL  GOVERNMENTS,  PRIVATE  SECTOR
 BUSINESSES,   AND/OR  NOT-FOR-PROFIT  CORPORATIONS,  TO  EDUCATE  AND/OR
 INSTRUCT SUCH ENTITIES,  HOLD  INFORMATIONAL  PROGRAMS,  AND/OR  PROVIDE
 INSTRUCTIONAL OR INFORMATIONAL MATERIALS. THE CYBER SECURITY ACTION PLAN
 SHALL  FURTHER DETAIL HOW THE CYBER EDUCATION AND ATTACK PREVENTION UNIT
 SHOULD INTERACT AND DEPLOY THE USE OF OTHER  CYBER  EXPERTS,  EDUCATORS,
 LAW  ENFORCEMENT,  INTELLIGENCE  EXPERTS,  AND  OTHER PUBLIC AND PRIVATE
 SECTOR ENTITIES TO ASSIST IT IN THE PERFORMANCE OF ITS MISSION.
   5. REPORTING OF CYBER ENTITIES. THE CYBER SECURITY ACTION PLAN  ESTAB-
 LISHED  PURSUANT  TO  SUBDIVISION ONE OF THIS SECTION SHALL FURTHER MAKE
 RECOMMENDATIONS ON THE REPORTING OF THE NEW STATE OFFICE OF CYBER  SECU-
 RITY.  THE  CYBER  SECURITY  ACTION PLAN SHALL FURTHER REQUIRE THAT SUCH
 REPORTING SHOULD CONTAIN A REQUIREMENT THAT ON OR BEFORE DECEMBER FIRST,
 TWO THOUSAND NINETEEN, AND THEN EVERY YEAR THEREAFTER, THAT THE  COMMIS-
 SIONER  SHALL SUBMIT A REPORT TO THE GOVERNOR, THE SPEAKER OF THE ASSEM-
 BLY, THE TEMPORARY PRESIDENT OF THE SENATE,  THE  CHAIR  OF  THE  SENATE
 STANDING  COMMITTEE ON VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS,
 AND THE CHAIR OF THE ASSEMBLY STANDING COMMITTEE ON  GOVERNMENTAL  OPER-

 S. 5946--A                          4
 
 ATIONS,  WHICH  PROVIDES A COMPREHENSIVE REVIEW DETAILING ALL THE ACTIV-
 ITIES AND OPERATIONS OF THE OFFICE OF CYBER SECURITY, THE CYBER SECURITY
 DEFENSE UNIT, THE CYBER INCIDENT RESPONSE TEAMS AND THE CYBER  EDUCATION
 AND  ATTACK  PREVENTION  UNIT,  DURING THE PAST YEAR. THE CYBER SECURITY
 ACTION PLAN SHALL FURTHER PROVIDE THAT  WHERE  COMPLIANCE  WITH  SUCH  A
 REPORT  WOULD REQUIRE THE DISCLOSURE OF CONFIDENTIAL INFORMATION, OR THE
 DISCLOSURE OF SENSITIVE  INFORMATION  WHICH  IN  THE  JUDGEMENT  OF  THE
 COMMISSIONER WOULD JEOPARDIZE THE CYBER SECURITY OF THE STATE, THEN SUCH
 CONFIDENTIAL  OR  SENSITIVE INFORMATION SHALL BE PROVIDED TO THE PERSONS
 ENTITLED TO RECEIVE THE REPORT, IN THE FORM OF A  SUPPLEMENTAL  APPENDIX
 TO  THE REPORT, AND THAT SUCH SUPPLEMENTAL APPENDIX TO THE REPORT, SHALL
 NOT BE SUBJECT TO THE PROVISIONS  OF  THE  FREEDOM  OF  INFORMATION  LAW
 PURSUANT  TO  ARTICLE  SIX  OF THE PUBLIC OFFICERS LAW, AND ALTHOUGH THE
 PERSONS ENTITLED TO RECEIVE THE REPORT  MAY  DISCLOSE  THE  SUPPLEMENTAL
 APPENDIX  TO  THE  REPORT  TO  THEIR  PROFESSIONAL STAFF, THEY SHALL NOT
 OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR SECURE INFORMATION. THE
 CYBER SECURITY ACTION PLAN SHALL FURTHER PROVIDE THAT, EXCEPT  WITH  THE
 RESPECT  TO  ANY  CONFIDENTIAL OR SENSITIVE INFORMATION CONTAINED IN THE
 SUPPLEMENTAL APPENDIX TO THE REPORT, THE COMMISSIONER SHALL DIRECT  THAT
 A COPY OF THE REPORT SHALL BE POSTED ON THE DIVISION'S WEBSITE, NOT MORE
 THAN FIFTEEN DAYS AFTER SUCH REPORT IS DELIVERED TO THE PERSONS ENTITLED
 TO  RECEIVE  SUCH  REPORT. THE CYBER SECURITY ACTION PLAN SHOULD FURTHER
 PROVIDE THAT THE DIVISION MAY FURTHER POST ANY AND ALL ADDITIONAL INFOR-
 MATION IT MAY DEEM APPROPRIATE, ON ITS WEBSITE, REGARDING CYBER  SECURI-
 TY, AND THE PROTECTION OF PUBLIC AND PRIVATE COMPUTER SYSTEMS, NETWORKS,
 HARDWARE AND SOFTWARE.
   6.  REIMBURSEMENT FOR COST OF SERVICE.  THE CYBER SECURITY ACTION PLAN
 ESTABLISHED PURSUANT TO SUBDIVISION ONE OF THIS  SECTION  SHALL  FURTHER
 MAKE  RECOMMENDATIONS  WITH RESPECT TO THE DIVISION CHARGING NON-GOVERN-
 MENTAL ENTITIES FOR THE REASONABLE COST OF THE SERVICES PROVIDED BY  THE
 CYBER  SECURITY  INCIDENT  RESPONSE  TEAMS  AND  THE CYBER EDUCATION AND
 ATTACK PREVENTION UNIT.  THE CYBER SECURITY ACTION  PLAN  SHALL  FURTHER
 DETAIL HOW THE PROCEEDS FROM THE CHARGING FOR SUCH COSTS SHALL BE DEPOS-
 ITED  WITH  THE STATE COMPTROLLER INTO A CYBER SECURITY SUPPORT SERVICES
 ACCOUNT, OF WHICH THE COMPTROLLER WOULD HAVE CUSTODY. THE CYBER SECURITY
 ACTION PLAN SHALL ADDITIONALLY DETAIL HOW THE COMPTROLLER  MAY  DISBURSE
 MONIES HELD IN SUCH CYBER SECURITY ACCOUNT FOR THE PURPOSES OF PROVIDING
 SUPPLEMENTAL  FUNDS  FOR  THE OPERATION OF THE NEW STATE OFFICE OF CYBER
 SECURITY.
   7. TIMING OF CYBER SECURITY  ACTION  PLAN.  THE  COMMISSIONER,  ON  OR
 BEFORE  DECEMBER  FIRST, TWO THOUSAND EIGHTEEN, SHALL  DELIVER A COPY OF
 THE CYBER SECURITY ACTION PLAN REQUIRED TO BE PRODUCED BY THIS  SECTION,
 TO  THE  THE GOVERNOR, THE SPEAKER OF THE ASSEMBLY, THE TEMPORARY PRESI-
 DENT OF THE SENATE, THE CHAIR OF THE SENATE STANDING COMMITTEE ON VETER-
 ANS, HOMELAND SECURITY AND MILITARY AFFAIRS, AND THE CHAIR OF THE ASSEM-
 BLY STANDING COMMITTEE ON GOVERNMENTAL OPERATIONS.
   § 2. This act shall take effect immediately.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Senate Bill S5946A

Sponsored By

Archive: Last Bill Status - In Senate Committee Finance Committee

Jun 13, 2017 - Floor Vote

Floor Vote: Jun 13, 2017

Jan 22, 2018 - Veterans, Homeland Security And Military Affairs Committee Vote

Veterans, Homeland Security And Military Affairs Committee Vote: Jan 22, 2018

May 15, 2017 - Veterans, Homeland Security And Military Affairs Committee Vote

Veterans, Homeland Security And Military Affairs Committee Vote: May 15, 2017

Bill Amendments

2017-S5946 - Details

2017-S5946 - Summary

2017-S5946 - Sponsor Memo

2017-S5946 - Bill Text download pdf

co-Sponsors

2017-S5946A (ACTIVE) - Details

2017-S5946A (ACTIVE) - Summary

2017-S5946A (ACTIVE) - Sponsor Memo

2017-S5946A (ACTIVE) - Bill Text download pdf

Comments

Senate Bill S5946A

Share this bill

Sponsored By

Thomas D. Croci

Archive: Last Bill Status - In Senate Committee Finance Committee

Bill Amendments

2017-S5946 - Details

2017-S5946 - Summary

2017-S5946 - Sponsor Memo

2017-S5946 - Bill Text download pdf

co-Sponsors

Kathleen A. Marchione

2017-S5946A (ACTIVE) - Details

2017-S5946A (ACTIVE) - Summary

2017-S5946A (ACTIVE) - Sponsor Memo

2017-S5946A (ACTIVE) - Bill Text download pdf

Comments