- New York Gov. Kathy Hochul and New York City Mayor Eric Adams, along with the mayors of Albany, Syracuse, Buffalo, Rochester and Yonkers, unveiled the creation of a Joint Security Operations Center (JSOC) last week. It will be a first-of-its-kind center for cybersecurity coordination across the state, Hochul and Adams said.
- The state's institutions, governments and critical infrastructure – including water, transportation and power sources – are all vulnerable, Hochul said at a press conference last week. "We cannot expect cities and counties to go it alone," she said.
- Adams also signed an executive order that requires each New York City agency to designate a cyber command liaison to "share information, monitor threats and adopt best practices around cybersecurity," according to the announcement.
The cybersecurity coordination effort in New York came just ahead of Russia's invasion of Ukraine last week. Destructive malware spread across computers in Ukraine and beyond as fighting continued in the country.
U.S. local and state governments should look to the Russian attack on Ukraine as a wake-up call, according to Alison Post, associate professor of political science and global metropolitan studies at the University of California at Berkeley.
A variety of critical infrastructure systems that local governments operate could be targeted, she said in an email interview, including traffic and street lighting systems and emergency and security alert systems.
"Serious, successful cyberattacks on such systems would allow attackers to disable services and create panic," Post said. "For example, if false emergency alerts were to be issued, these could even decrease citizen trust, and lead fewer to believe them and respond in the future."
"We've entered a new normal when it comes to cybersecurity."
New York State Office of Information Technology Services spokesperson
New York's collaborative approach to cybersecurity could become a potential model for other cities, regions and states to follow, an outcome Hochul said she hopes the JSOC will inspire.
The approach is intended to foster better coordination on threat intelligence, reduce response times and expedite remediation following a potential cyber incident, according to the announcement. It brings all of the state, city, local and authority-level cyber defense assets "under one umbrella."
New York's reworking of its cybersecurity strategy comes as cities from New Orleans to Knoxville, Tennessee have experienced a growing number of cyberattacks in recent years. Researchers have also warned that essential transportation systems and smart city infrastructure are not prepared for cyberattacks.
"We've entered a new normal when it comes to cybersecurity," said Scott Reif, a spokesperson with the state's Office of Information Technology Services, in an email interview.
"There are more attempted attacks than ever before, greater risk and threats facing every level of government," Reif said. "This new collaborative approach ... will go a long way in protecting our infrastructure and thwarting cyber criminals."
Small and mid-sized cities have long struggled to address cyberthreats due to staffing and budget limitations. Many local governments don't have the resources to assess their vulnerabilities and provide proper training to personnel, Post said.
She added that a useful regional approach would involve training for local government officials, outside evaluations of the robustness of local government cyber protections and grant funding for enhancing those protections.
Local leaders should take the threats seriously, Post said.
"Make sure cybersecurity is taken into consideration when procuring IT systems," she said. "Train your personnel to avoid phishing attacks and use two-factor authentication. And take advantage of programs offered by the Department of Homeland Security to bring your staff up to speed on threats."