Senate Passes Legislation to Strengthen Cyber Security Defense in New York

The New York State Senate today passed legislation to strengthen New York’s cyber security measures to combat cyber terrorism. The bills sponsored by Senator Thomas Croci (R, Sayville) would help advance protocols to protect state assets, facilitate the sharing of information about threats, and secure the state’s cyber systems.

Senator Croci, Chair of the Senate Veterans, Homeland Security, and Military Affairs Committee, said, “Our enemies have had too many years, millions of dollars, the sanctuary and the ability to plan, train and recruit for attacks on the U.S. Cyber terrorism is a pervasive and rapidly expanding threat that is very real, especially to New York. We need strong legislation that sends an equally strong message saying New York will do whatever is necessary to protect our critical infrastructure including our power grid, public water systems, and our businesses from cyber crimes committed by those wishing us harm. The time is now for the Assembly and the Governor to pass this legislation and put the protection of New York and its citizens first.”

A bill (S3407A) would establish the New York State Cyber Security Initiative to ensure that the state has a proper cyber security defense system in place. It includes:

• The New York State Cyber Security Sharing and Threat Prevention Program to  increase the quality and readiness of cyber threat information that will be shared by the state with the public and private sectors;
• A New York State Cyber Security Partnership Program to improve, develop, and implement risk-based standards for government, private sector businesses, and individual citizens; and
• The New York State Cyber Security Advisory Board, to assist the state in making recommendations and finding ways to protect its critical infrastructure and information systems.

Another bill (S3405A) would require the Division of Homeland Security and Emergency Services to work with the Superintendent of State Police, the Chief Information Officer, and the President of the Center for Internet Security to complete a comprehensive review of New York’s cyber security measures every five years, and create a report to summarize its findings. The report would identify the state’s security needs and detail how those needs are being met to ensure that the best security practices are in place to protect New Yorkers from cyber terrorism.

The Senate also passed a measure (S3406) yesterday that would create a new crime if someone uses a computer or device to carry out a cyber attack that causes financial harm in excess of $100,000 to another person, partnership, or corporation. It also strengthens penalties for the crime of criminal possession of computer related material.
 
Earlier this year the Senate passed a bill (S3404) that would create new penalties for a variety of cyber crimes. Under the measure, it would be a Class A felony for any person found guilty of intimidating, coercing, or affecting the public or a government entity by causing mass injury, damage, or debilitation of people or their property, including computers and related programs, data network, or material. A new Class C felony would include anyone who uses a computer to cause serious financial harm affecting more than 10 people.

All bills have been sent to the Assembly.