NY State Senate Bill S924

Archive: Last Bill Status - In Senate Committee Rules Committee

Introduced
In Committee
On Floor Calendar
- Passed Senate
- Passed Assembly
Delivered to Governor
Signed/Vetoed by Governor

Your Voice

Please enter your contact information

First Name *

Last Name *

Email Address *

A valid email address is required.

Home address search or enter your address manually *

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Leave this field blank

Actions

view actions (15)

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jun 20, 2018	committed to rules
May 31, 2018	advanced to third reading
May 30, 2018	2nd report cal.
May 22, 2018	1st report cal.1331
Jan 22, 2018	reported and committed to finance
Jan 03, 2018	referred to veterans, homeland security and military affairs returned to senate died in assembly
Jun 15, 2017	referred to governmental operations delivered to assembly passed senate ordered to third reading cal.1772 committee discharged and committed to rules
Feb 14, 2017	reported and committed to finance
Jan 05, 2017	referred to veterans, homeland security and military affairs

Votes

view votes

May 22, 2018 - Finance committee Vote

S924

committee

Aye

Nay

Aye with Reservations

Absent

Excused

Abstained

Jan 22, 2018 - Veterans, Homeland Security and Military Affairs committee Vote

S924

committee

Aye

Nay

Aye with Reservations

Absent

Excused

Abstained

Jun 15, 2017 - floor Vote

S924

floor

Aye

Nay

Absent

Excused

Abstained

Jun 15, 2017 - Rules committee Vote

S924

committee

Aye

Nay

Aye with Reservations

Absent

Excused

Abstained

Feb 13, 2017 - Veterans, Homeland Security and Military Affairs committee Vote

S924

committee

Aye

Nay

Aye with Reservations

Absent

Excused

Abstained

Co-Sponsors

view additional co-sponsors

S924 (ACTIVE) - Details

See Assembly Version of this Bill:: A3448
Current Committee:: Senate Rules
Law Section:: Executive Law
Laws Affected:: Add §719, Exec L
Versions Introduced in 2015-2016 Legislative Session:: S3407, A6130

S924 (ACTIVE) - Summary

Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative.

S924 (ACTIVE) - Sponsor Memo

 BILL NUMBER:  S924

 TITLE OF BILL :

An act to amend the executive law, in relation to a cyber security
initiative

 PURPOSE OR GENERAL IDEA OF BILL :

This bill would amend the executive law to establish the New York
State Cyber Security Initiative, to create a New York State Cyber
Security Advisory Board, a New York Cyber Security Partnership
Program, and a New York State Cyber Security Information Sharing
Program.

 SUMMARY OF SPECIFIC PROVISIONS :

This bill would add a new section to the executive law to establish
the New York State Cyber Security Initiative.  Specifically, this new
section would:

*Make legislative findings;

*Define "critical infrastructure and information systems";

*Establish within the division of homeland security (DHSES), a Cyber

Security Advisory Board to make recommendations for protecting the
state's critical infrastructure and information systems;

*Establish within DHSES, a Cyber Security Sharing and Threat
Prevention Program, designed to increase the volume, timeliness, and
quality of cyber threat information shared with the public and private
sector; and

*Require DHSES, in consultation with the State Police, the Office of
Information Technology Services, and the Center for Internet Security,
to issue a New York State Cyber Security Critical Infrastructure Risk
Assessment Report, identifying critical infrastructure and where a
cyber security incident could reasonably result in catastrophic
regional or state-wide effects on public:  health or safety, economic
distress, and/or threaten public protection of the people and/or
property of New York State.

 JUSTIFICATION :

According to the such entities as the United States Department of
Homeland Security, Interpol and the New York State White Collar Crime
Task Force, cybercrime is a pervasive and rapidly expanding threat.
New York state is particularly at risk to cybercrime due to its status
as a global hub of international business and commerce. As most major
national and international banks, insurance companies and brokerage
houses also have headquarters or a significant presence within the
state, such present a particularly attractive target to those who wish
to engage in cyber crime or cyber terrorism.

By establishing a Cyber Security Advisory Board in state law, New York
State can identify ways to protect the state's critical infrastructure
and information systems. Innovative, actionable policies developed by
the Advisory Board will further ensure that New York state is in the
forefront of public cyber security defense.

Modeled after a successful federal initiative, the Information Sharing
and Threat Prevention Program, established by this bill, seeks to
assist both the public and private sector to develop practices that
will better protect and defend their interests against cyber threats.
Finally, the Risk Assessment Report, required under this legislation,
will additionally allow New York, to leverage the expertise and advice
of experienced and knowledgeable professionals, to identify security
threats that are facing the state and its businesses and citizens, and
develop effective ways to combat them.

 PRIOR LEGISLATIVE HISTORY :

This is a new bill.

 FISCAL IMPLICATIONS :

None noted.

 EFFECTIVE DATE :
This act would take effect immediately.

S924 (ACTIVE) - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                   924

                       2017-2018 Regular Sessions

                            I N  S E N A T E

                             January 5, 2017
                               ___________

Introduced by Sens. CROCI, AKSHAR, AVELLA, DeFRANCISCO, FUNKE, GOLDEN --
  read  twice  and  ordered printed, and when printed to be committed to
  the Committee on Veterans, Homeland Security and Military Affairs

AN ACT to amend the executive law,  in  relation  to  a  cyber  security
  initiative

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. The executive law is amended by adding a new section 719 to
read as follows:
  § 719. NEW YORK STATE CYBER SECURITY INITIATIVE.  1. LEGISLATIVE FIND-
INGS. THE LEGISLATURE FINDS AND DECLARES THAT REPEATED CYBER  INTRUSIONS
INTO CRITICAL INFRASTRUCTURE, EFFECTING GOVERNMENT, PRIVATE SECTOR BUSI-
NESS,  AND CITIZENS OF THE STATE OF NEW YORK, HAVE DEMONSTRATED THE NEED
FOR IMPROVED CYBER SECURITY.
  THE LEGISLATURE FURTHER FINDS AND  DECLARES  THAT  THIS  CYBER  THREAT
CONTINUES TO GROW AND REPRESENTS ONE OF THE MOST SERIOUS PUBLIC SECURITY
CHALLENGES  THAT  NEW  YORK MUST CONFRONT. MOREOVER, THE SECURITY OF THE
STATE OF NEW YORK DEPENDS  ON  THE  RELIABLE  FUNCTIONING  OF  NEW  YORK
STATE'S  CRITICAL INFRASTRUCTURE, AND PRIVATE SECTOR BUSINESS INTERESTS,
AS WELL AS THE PROTECTION OF THE FINANCES AND  INDIVIDUAL  LIBERTIES  OF
EVERY CITIZEN, IN THE FACE OF SUCH THREATS.
  THE  LEGISLATURE  ADDITIONALLY  FINDS AND DECLARES THAT TO ENHANCE THE
SECURITY, PROTECTION AND RESILIENCE OF NEW YORK STATE'S CRITICAL INFRAS-
TRUCTURE,  AND  PRIVATE  SECTOR  BUSINESS  INTERESTS,  AS  WELL  AS  THE
PROTECTION  OF  THE  FINANCES AND INDIVIDUAL LIBERTIES OF EVERY CITIZEN,
THE STATE OF NEW YORK MUST PROMOTE A CYBER ENVIRONMENT  THAT  ENCOURAGES
EFFICIENCY,  INNOVATION,  AND  ECONOMIC PROSPERITY, AND THAT CAN OPERATE
WITH SAFETY, SECURITY,  BUSINESS  CONFIDENTIALITY,  PRIVACY,  AND  CIVIL
LIBERTY.
  THE  LEGISLATURE FURTHER FINDS AND DECLARES THAT TO CREATE SUCH A SAFE
AND SECURE CYBER ENVIRONMENT FOR GOVERNMENT, PRIVATE SECTOR BUSINESS AND

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.

                                                           LBD02129-01-7

S. 924                              2

INDIVIDUAL CITIZENS, NEW YORK MUST ADVANCE, IN ADDITION TO  ITS  CURRENT
EFFORTS  IN THIS FIELD, A NEW YORK STATE CYBER SECURITY INITIATIVE, THAT
ESTABLISHES A NEW YORK STATE CYBER SECURITY ADVISORY BOARD; A  NEW  YORK
STATE  CYBER  SECURITY PARTNERSHIP PROGRAM WITH THE OWNERS AND OPERATORS
OF CRITICAL INFRASTRUCTURE, PRIVATE SECTOR BUSINESS, ACADEMIA, AND INDI-
VIDUAL CITIZENS TO IMPROVE, DEVELOP AND IMPLEMENT  RISK-BASED  STANDARDS
FOR GOVERNMENT, PRIVATE SECTOR BUSINESSES AND INDIVIDUAL CITIZENS; AND A
NEW YORK STATE CYBER SECURITY INFORMATION SHARING PROGRAM.
  2.  CRITICAL  INFRASTRUCTURE  AND INFORMATION SYSTEMS. AS USED IN THIS
SECTION, THE TERM  "CRITICAL  INFRASTRUCTURE  AND  INFORMATION  SYSTEMS"
SHALL MEAN ALL SYSTEMS AND ASSETS, WHETHER PHYSICAL OR VIRTUAL, SO VITAL
TO  THE GOVERNMENT, PRIVATE SECTOR BUSINESSES AND INDIVIDUAL CITIZENS OF
THE STATE OF NEW YORK THAT THE INCAPACITY OR DESTRUCTION OF SUCH SYSTEMS
AND ASSETS WOULD HAVE A DEBILITATING IMPACT TO THE SECURITY, ECONOMY, OR
PUBLIC HEALTH OF THE INDIVIDUAL CITIZENS, GOVERNMENT, OR PRIVATE  SECTOR
BUSINESSES OF THE STATE OF NEW YORK.
  3.  NEW  YORK  STATE CYBER SECURITY ADVISORY BOARD. (A) THERE SHALL BE
WITHIN THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES,  A  NEW
YORK  STATE CYBER SECURITY ADVISORY BOARD, WHICH SHALL ADVISE THE GOVER-
NOR AND THE LEGISLATURE ON  DEVELOPMENTS  IN  CYBER  SECURITY  AND  MAKE
RECOMMENDATIONS  FOR  PROTECTING THE STATE'S CRITICAL INFRASTRUCTURE AND
INFORMATION SYSTEMS.
  (B) THE BOARD MEMBERS SHALL CONSIST OF ELEVEN MEMBERS APPOINTED BY THE
GOVERNOR, WITH THREE MEMBERS APPOINTED UPON RECOMMENDATION OF THE TEMPO-
RARY PRESIDENT OF THE SENATE, AND THREE MEMBERS APPOINTED AT THE  RECOM-
MENDATION OF THE SPEAKER OF THE ASSEMBLY. ALL MEMBERS SO APPOINTED SHALL
HAVE  EXPERTISE  IN CYBER SECURITY, TELECOMMUNICATIONS, INTERNET SERVICE
DELIVERY, PUBLIC PROTECTION, COMPUTER SYSTEMS AND/OR COMPUTER NETWORKS.
  (C) THE BOARD SHALL  INVESTIGATE,  DISCUSS  AND  MAKE  RECOMMENDATIONS
CONCERNING  CYBER  SECURITY ISSUES INVOLVING BOTH THE PUBLIC AND PRIVATE
SECTORS AND WHAT STEPS CAN BE TAKEN BY NEW YORK STATE TO  PROTECT  CRIT-
ICAL   CYBER   INFRASTRUCTURE,   FINANCIAL  SYSTEMS,  TELECOMMUNICATIONS
NETWORKS, ELECTRICAL GRIDS, SECURITY SYSTEMS,  FIRST  RESPONDER  SYSTEMS
AND  INFRASTRUCTURE,  PHYSICAL  INFRASTRUCTURE  SYSTEMS,  TRANSPORTATION
SYSTEMS, AND SUCH OTHER AND FURTHER SECTORS OF STATE GOVERNMENT AND  THE
PRIVATE SECTOR AS THE ADVISORY BOARD SHALL DEEM PRUDENT.
  (D) THE PURPOSE OF THE ADVISORY BOARD SHALL BE TO PROMOTE THE DEVELOP-
MENT OF INNOVATIVE, ACTIONABLE POLICIES TO ENSURE THAT NEW YORK STATE IS
IN THE FOREFRONT OF PUBLIC CYBER SECURITY DEFENSE.
  (E)  THE  MEMBERS  OF THE ADVISORY BOARD SHALL RECEIVE NO COMPENSATION
FOR THEIR SERVICES, BUT MAY RECEIVE ACTUAL AND NECESSARY  EXPENSES,  AND
SHALL NOT BE DISQUALIFIED FOR HOLDING ANY OTHER PUBLIC OFFICE OR EMPLOY-
MENT BY MEANS OF THEIR SERVICE AS A MEMBER OF THE ADVISORY BOARD.
  (F)  THE  ADVISORY BOARD SHALL BE ENTITLED TO REQUEST AND RECEIVE, AND
SHALL BE PROVIDED WITH, SUCH FACILITIES, RESOURCES AND DATA OF ANY AGEN-
CY, DEPARTMENT, DIVISION, BOARD, BUREAU, COMMISSION, OR PUBLIC AUTHORITY
OF THE STATE, AS THEY MAY REASONABLY  REQUEST,  TO  CARRY  OUT  PROPERLY
THEIR POWERS, DUTIES AND PURPOSE.
  4.  NEW  YORK  STATE  CYBER  SECURITY INFORMATION SHARING AND ANALYSIS
PROGRAM. (A) THE DIVISION OF HOMELAND SECURITY AND  EMERGENCY  SERVICES,
IN  CONSULTATION WITH THE DIVISION OF THE STATE POLICE, THE STATE OFFICE
OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER FOR INTERNET  SECURI-
TY,  SHALL  ESTABLISH,  WITHIN  SIXTY DAYS OF THE EFFECTIVE DATE OF THIS
SECTION, A VOLUNTARY NEW YORK STATE CYBER SECURITY  INFORMATION  SHARING
AND ANALYSIS PROGRAM.

S. 924                              3

  (B)  IT  SHALL  BE  THE  PURPOSE  OF THE NEW YORK STATE CYBER SECURITY
INFORMATION SHARING AND ANALYSIS PROGRAM TO INCREASE THE VOLUME, TIMELI-
NESS, AND QUALITY OF CYBER THREAT INFORMATION SHARED WITH NEW YORK STATE
PUBLIC AND PRIVATE SECTOR ENTITIES SO THAT  THESE  ENTITIES  MAY  BETTER
PROTECT  AND  DEFEND THEMSELVES AGAINST CYBER THREATS AND TO PROMOTE THE
DEVELOPMENT OF EFFECTIVE DEFENSES AND STRATEGIES TO COMBAT, AND  PROTECT
AGAINST, CYBER THREATS AND ATTACKS.
  (C)  TO  FACILITATE  THE PURPOSES OF THE NEW YORK STATE CYBER SECURITY
INFORMATION SHARING AND ANALYSIS PROGRAM, THE DIVISION OF HOMELAND SECU-
RITY AND EMERGENCY SERVICES, SHALL PROMULGATE REGULATIONS, IN ACCORDANCE
WITH THE PROVISIONS OF THIS SUBDIVISION.
  (D) THE REGULATIONS SHALL PROVIDE FOR THE TIMELY PRODUCTION OF UNCLAS-
SIFIED REPORTS OF CYBER THREATS TO NEW YORK STATE  AND  ITS  PUBLIC  AND
PRIVATE  SECTOR  ENTITIES,  INCLUDING  THREATS  THAT IDENTIFY A SPECIFIC
TARGETED ENTITY.
  (E) THE REGULATIONS SHALL ADDRESS THE NEED TO PROTECT INTELLIGENCE AND
LAW ENFORCEMENT SOURCES, METHODS, OPERATIONS,  AND  INVESTIGATIONS,  AND
SHALL  FURTHER ESTABLISH A PROCESS THAT RAPIDLY DISSEMINATES THE REPORTS
PRODUCED PURSUANT TO PARAGRAPH (D) OF  THIS  SUBDIVISION,  TO  BOTH  ANY
TARGETED  ENTITY  AS  WELL  AS SUCH OTHER AND FURTHER PUBLIC AND PRIVATE
ENTITIES AS THE DIVISION SHALL DEEM NECESSARY TO ADVANCE THE PURPOSES OF
THIS SUBDIVISION.
  (F) THE REGULATIONS SHALL PROVIDE FOR PROTECTIONS FROM  LIABILITY  FOR
ENTITIES SHARING AND RECEIVING INFORMATION WITH THE NEW YORK STATE CYBER
SECURITY  INFORMATION  AND ANALYSIS PROGRAM, SO LONG AS THE ENTITY ACTED
IN GOOD FAITH.
  (G) THE REGULATIONS SHALL FURTHER ESTABLISH A SYSTEM FOR TRACKING  THE
PRODUCTION,  DISSEMINATION,  AND  DISPOSITION OF THE REPORTS PRODUCED IN
ACCORDANCE WITH THE PROVISIONS OF THIS SUBDIVISION.
  (H) THE REGULATIONS SHALL ALSO ESTABLISH AN  ENHANCED  CYBER  SECURITY
SERVICES  PROGRAM,  WITHIN  NEW  YORK  STATE, TO PROVIDE FOR PROCEDURES,
METHODS AND DIRECTIVES, FOR A  VOLUNTARY  INFORMATION  SHARING  PROGRAM,
THAT  WILL PROVIDE CYBER THREAT AND TECHNICAL INFORMATION COLLECTED FROM
BOTH PUBLIC AND PRIVATE SECTOR ENTITIES,  TO  SUCH  PRIVATE  AND  PUBLIC
SECTOR  ENTITIES AS THE DIVISION DEEMS PRUDENT, TO ADVISE ELIGIBLE CRIT-
ICAL INFRASTRUCTURE COMPANIES OR COMMERCIAL SERVICE PROVIDERS THAT OFFER
SECURITY SERVICES TO CRITICAL INFRASTRUCTURE ON CYBER  SECURITY  THREATS
AND DEFENSE MEASURES.
  (I)  THE REGULATIONS SHALL ALSO SEEK TO DEVELOP STRATEGIES TO MAXIMIZE
THE UTILITY OF CYBER THREAT INFORMATION SHARING BETWEEN AND  ACROSS  THE
PRIVATE AND PUBLIC SECTORS, AND SHALL FURTHER SEEK TO PROMOTE THE USE OF
PRIVATE  AND PUBLIC SECTOR SUBJECT MATTER EXPERTS TO ADDRESS CYBER SECU-
RITY NEEDS IN NEW YORK STATE, WITH THESE SUBJECT MATTER EXPERTS  PROVID-
ING  ADVICE  REGARDING  THE CONTENT, STRUCTURE, AND TYPES OF INFORMATION
MOST USEFUL TO CRITICAL INFRASTRUCTURE OWNERS AND OPERATORS IN  REDUCING
AND MITIGATING CYBER RISKS.
  (J)  THE  REGULATIONS  SHALL  FURTHER SEEK TO ESTABLISH A CONSULTATIVE
PROCESS TO COORDINATE IMPROVEMENTS TO THE  CYBER  SECURITY  OF  CRITICAL
INFRASTRUCTURE,  WHERE  AS  PART OF THE CONSULTATIVE PROCESS, THE PUBLIC
AND PRIVATE ENTITIES OF THE STATE OF NEW YORK SHALL ENGAGE AND  CONSIDER
THE  ADVICE OF THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES,
THE DIVISION OF THE STATE POLICE, THE STATE OFFICE OF INFORMATION  TECH-
NOLOGY  SERVICES,  THE  CENTER FOR INTERNET SECURITY, THE NEW YORK STATE
CYBER SECURITY ADVISORY BOARD, THE PROGRAMS ESTABLISHED BY THIS SUBDIVI-
SION, AND SUCH OTHER AND FURTHER PRIVATE  AND  PUBLIC  SECTOR  ENTITIES,

S. 924                              4

UNIVERSITIES,  AND  CYBER  SECURITY  EXPERTS AS THE DIVISION OF HOMELAND
SECURITY AND EMERGENCY SERVICES MAY DEEM PRUDENT.
  (K)  THE REGULATIONS SHALL FURTHER SEEK TO ESTABLISH A BASELINE FRAME-
WORK TO REDUCE CYBER RISK TO CRITICAL INFRASTRUCTURE, AND SHALL SEEK  TO
HAVE  THE  DIVISION  OF  HOMELAND  SECURITY  AND  EMERGENCY SERVICES, IN
CONSULTATION WITH THE DIVISION OF STATE  POLICE,  THE  STATE  OFFICE  OF
INFORMATION  TECHNOLOGY  SERVICES, AND THE CENTER FOR INTERNET SECURITY,
LEAD THE DEVELOPMENT OF A VOLUNTARY FRAMEWORK TO REDUCE CYBER  RISKS  TO
CRITICAL  INFRASTRUCTURE,  TO  BE KNOWN AS THE CYBER SECURITY FRAMEWORK,
WHICH SHALL:
  (I) INCLUDE A SET OF STANDARDS, METHODOLOGIES, PROCEDURES,  AND  PROC-
ESSES  THAT  ALIGN  POLICY,  BUSINESS,  AND  TECHNOLOGICAL APPROACHES TO
ADDRESS CYBER RISKS;
  (II) INCORPORATE VOLUNTARY CONSENSUS STANDARDS AND INDUSTRY BEST PRAC-
TICES TO THE FULLEST EXTENT POSSIBLE;
  (III) PROVIDE A PRIORITIZED, FLEXIBLE, REPEATABLE,  PERFORMANCE-BASED,
AND COST-EFFECTIVE APPROACH, INCLUDING INFORMATION SECURITY MEASURES AND
CONTROLS,  TO HELP OWNERS AND OPERATORS OF CRITICAL INFRASTRUCTURE IDEN-
TIFY, ASSESS, AND MANAGE CYBER RISK;
  (IV) FOCUS ON IDENTIFYING CROSS-SECTOR SECURITY STANDARDS  AND  GUIDE-
LINES APPLICABLE TO CRITICAL INFRASTRUCTURE;
  (V)  IDENTIFY  AREAS  FOR IMPROVEMENT THAT SHOULD BE ADDRESSED THROUGH
FUTURE COLLABORATION WITH PARTICULAR  SECTORS  AND  STANDARDS-DEVELOPING
ORGANIZATIONS;
  (VI)  ENABLE  TECHNICAL  INNOVATION  AND  ACCOUNT  FOR  ORGANIZATIONAL
DIFFERENCES, TO PROVIDE GUIDANCE THAT IS  TECHNOLOGY  NEUTRAL  AND  THAT
ENABLES  CRITICAL  INFRASTRUCTURE  SECTORS TO BENEFIT FROM A COMPETITIVE
MARKET FOR PRODUCTS AND SERVICES THAT MEET THE STANDARDS, METHODOLOGIES,
PROCEDURES, AND PROCESSES DEVELOPED TO ADDRESS CYBER RISKS;
  (VII) INCLUDE GUIDANCE FOR MEASURING THE PERFORMANCE OF AN  ENTITY  IN
IMPLEMENTING THE CYBER SECURITY FRAMEWORK;
  (VIII)  INCLUDE  METHODOLOGIES TO IDENTIFY AND MITIGATE IMPACTS OF THE
CYBER SECURITY FRAMEWORK AND ASSOCIATED INFORMATION SECURITY MEASURES OR
CONTROLS ON BUSINESS CONFIDENTIALITY, AND TO PROTECT INDIVIDUAL  PRIVACY
AND CIVIL LIBERTIES; AND
  (IX)  ENGAGE IN THE REVIEW OF THREAT AND VULNERABILITY INFORMATION AND
TECHNICAL EXPERTISE.
  (L) THE REGULATIONS SHALL ADDITIONALLY ESTABLISH A VOLUNTARY  CRITICAL
INFRASTRUCTURE  CYBER  SECURITY  PROGRAM  TO SUPPORT THE ADOPTION OF THE
CYBER SECURITY FRAMEWORK BY OWNERS AND OPERATORS OF CRITICAL INFRASTRUC-
TURE AND ANY OTHER INTERESTED ENTITIES, WHERE UNDER THIS PROGRAM  IMPLE-
MENTATION  GUIDANCE  OR  SUPPLEMENTAL  MATERIALS  WOULD  BE DEVELOPED TO
ADDRESS SECTOR-SPECIFIC RISKS AND OPERATING ENVIRONMENTS, AND  RECOMMEND
LEGISLATION FOR ENACTMENT TO ADDRESS CYBER SECURITY ISSUES.
  (M)  IN DEVELOPING THE NEW YORK STATE CYBER SECURITY INFORMATION SHAR-
ING AND ANALYSIS PROGRAM IN  ACCORDANCE  WITH  THE  PROVISIONS  OF  THIS
SUBDIVISION,  THE  DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES,
IN CONSULTATION WITH THE DIVISION OF STATE POLICE, THE STATE  OFFICE  OF
INFORMATION  TECHNOLOGY  SERVICES, AND THE CENTER FOR INTERNET SECURITY,
SHALL PRODUCE AND SUBMIT A REPORT, TO THE GOVERNOR, THE TEMPORARY PRESI-
DENT OF THE SENATE, AND THE SPEAKER OF THE ASSEMBLY, MAKING  RECOMMENDA-
TIONS  ON  THE  FEASIBILITY,  SECURITY  BENEFITS, AND RELATIVE MERITS OF
INCORPORATING SECURITY STANDARDS INTO ACQUISITION PLANNING AND  CONTRACT
ADMINISTRATION.  SUCH  REPORT  SHALL  FURTHER  ADDRESS WHAT STEPS CAN BE
TAKEN TO HARMONIZE AND MAKE CONSISTENT EXISTING PROCUREMENT REQUIREMENTS

S. 924                              5

RELATED TO CYBER SECURITY AND THE FEASIBILITY  OF  INCLUDING  RISK-BASED
SECURITY STANDARDS INTO PROCUREMENT AND CONTRACT ADMINISTRATION.
  5.  NEW YORK STATE CYBER SECURITY CRITICAL INFRASTRUCTURE RISK ASSESS-
MENT REPORT.  (A)  THE  DIVISION  OF  HOMELAND  SECURITY  AND  EMERGENCY
SERVICES,  IN  CONSULTATION WITH THE DIVISION OF STATE POLICE, THE STATE
OFFICE OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER  FOR  INTERNET
SECURITY,  WITHIN  ONE HUNDRED TWENTY DAYS OF THE EFFECTIVE DATE OF THIS
SECTION, SHALL PRODUCE A NEW YORK STATE CYBER SECURITY CRITICAL  INFRAS-
TRUCTURE RISK ASSESSMENT REPORT.
  (B)  THE  PRODUCTION  OF  THE  NEW  YORK STATE CYBER SECURITY CRITICAL
INFRASTRUCTURE RISK ASSESSMENT REPORT SHALL USE A RISK-BASED APPROACH TO
IDENTIFY CRITICAL INFRASTRUCTURE WHERE A CYBER SECURITY  INCIDENT  COULD
REASONABLY  RESULT  IN  CATASTROPHIC  REGIONAL  OR STATE-WIDE EFFECTS ON
PUBLIC HEALTH OR  SAFETY,  ECONOMIC  DISTRESS,  AND/OR  THREATEN  PUBLIC
PROTECTION OF THE PEOPLE AND/OR PROPERTY OF NEW YORK STATE.
  (C)  THE  PRODUCTION  OF THE REPORT SHALL FURTHER USE THE CONSULTATIVE
PROCESS AND DRAW UPON THE EXPERTISE OF AND ADVICE  OF  THE  DIVISION  OF
HOMELAND  SECURITY AND EMERGENCY SERVICES, THE DIVISION OF STATE POLICE,
THE STATE OFFICE OF INFORMATION  TECHNOLOGY  SERVICES,  THE  CENTER  FOR
INTERNET SECURITY, THE NEW YORK STATE CYBER SECURITY ADVISORY BOARD, THE
PROGRAMS ESTABLISHED BY THIS SECTION, AND SUCH OTHER AND FURTHER PRIVATE
AND  PUBLIC SECTOR ENTITIES, UNIVERSITIES, AND CYBER SECURITY EXPERTS AS
THE DIVISION OF  HOMELAND  SECURITY  AND  EMERGENCY  SERVICES  MAY  DEEM
PRUDENT.
  (D)  THE  NEW  YORK  STATE CYBER SECURITY CRITICAL INFRASTRUCTURE RISK
ASSESSMENT REPORT SHALL BE DELIVERED  TO  THE  GOVERNOR,  THE  TEMPORARY
PRESIDENT  OF  THE SENATE, THE SPEAKER OF THE ASSEMBLY, THE CHAIR OF THE
SENATE STANDING COMMITTEE ON VETERANS, HOMELAND  SECURITY  AND  MILITARY
AFFAIRS,  AND  THE  CHAIR  OF THE ASSEMBLY STANDING COMMITTEE ON GOVERN-
MENTAL OPERATIONS.
  (E) WHERE COMPLIANCE WITH THIS SECTION SHALL REQUIRE THE DISCLOSURE OF
CONFIDENTIAL INFORMATION, OR THE  DISCLOSURE  OF  SENSITIVE  INFORMATION
WHICH  IN  THE  JUDGMENT OF THE COMMISSIONER OF THE DIVISION OF HOMELAND
SECURITY AND EMERGENCY SERVICES WOULD JEOPARDIZE THE CYBER  SECURITY  OF
THE STATE:
  (I)  SUCH  CONFIDENTIAL  OR SENSITIVE INFORMATION SHALL BE PROVIDED TO
THE PERSONS ENTITLED TO RECEIVE THE REPORT, IN THE  FORM  OF  A  SUPPLE-
MENTAL APPENDIX TO THE REPORT; AND
  (II)  SUCH SUPPLEMENTAL APPENDIX TO THE REPORT SHALL NOT BE SUBJECT TO
THE PROVISIONS OF THE FREEDOM OF INFORMATION LAW PURSUANT TO ARTICLE SIX
OF THE PUBLIC OFFICERS LAW; AND
  (III) THE PERSONS ENTITLED TO RECEIVE  THE  REPORT  MAY  DISCLOSE  THE
SUPPLEMENTAL  APPENDIX  TO  THE  REPORT TO THEIR PROFESSIONAL STAFF, BUT
SHALL NOT OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR SECURE INFOR-
MATION.
  § 2. This act shall take effect immediately.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

The New York State Senate

senate Bill S924

Sponsored By

Archive: Last Bill Status - In Senate Committee Rules Committee

Your Voice

Actions

Votes

May 22, 2018 - Finance committee Vote

Finance Committee Vote: May 22, 2018

Jan 22, 2018 - Veterans, Homeland Security and Military Affairs committee Vote

Veterans, Homeland Security and Military Affairs Committee Vote: Jan 22, 2018

Jun 15, 2017 - floor Vote

Floor Vote: Jun 15, 2017

Jun 15, 2017 - Rules committee Vote

Rules Committee Vote: Jun 15, 2017

Feb 13, 2017 - Veterans, Homeland Security and Military Affairs committee Vote

Veterans, Homeland Security and Military Affairs Committee Vote: Feb 13, 2017

Co-Sponsors

S924 (ACTIVE) - Details

S924 (ACTIVE) - Summary

S924 (ACTIVE) - Sponsor Memo

S924 (ACTIVE) - Bill Text download pdf

Comments

senate Bill S924

Share this bill

Sponsored By

Archive: Last Bill Status - In Senate Committee Rules Committee

Your Voice

Actions

Votes

May 22, 2018 - Finance committee Vote

Finance Committee Vote: May 22, 2018

Jan 22, 2018 - Veterans, Homeland Security and Military Affairs committee Vote

Veterans, Homeland Security and Military Affairs Committee Vote: Jan 22, 2018

Jun 15, 2017 - floor Vote

Floor Vote: Jun 15, 2017

Jun 15, 2017 - Rules committee Vote

Rules Committee Vote: Jun 15, 2017

Feb 13, 2017 - Veterans, Homeland Security and Military Affairs committee Vote

Veterans, Homeland Security and Military Affairs Committee Vote: Feb 13, 2017

Co-Sponsors

S924 (ACTIVE) - Details

S924 (ACTIVE) - Summary

S924 (ACTIVE) - Sponsor Memo

S924 (ACTIVE) - Bill Text download pdf

Comments