Assembly Actions -
Lowercase Senate Actions - UPPERCASE |
|
---|---|
Jun 20, 2018 |
committed to rules |
May 31, 2018 |
advanced to third reading |
May 30, 2018 |
2nd report cal. |
May 22, 2018 |
1st report cal.1331 |
Jan 22, 2018 |
reported and committed to finance |
Jan 03, 2018 |
referred to veterans, homeland security and military affairs returned to senate died in assembly |
Jun 15, 2017 |
referred to governmental operations delivered to assembly passed senate ordered to third reading cal.1772 committee discharged and committed to rules |
Feb 14, 2017 |
reported and committed to finance |
Jan 05, 2017 |
referred to veterans, homeland security and military affairs |
Senate Bill S924
2017-2018 Legislative Session
Requires the formation of a cyber security advisory board and the implementation of a cyber security initiative
download bill text pdfSponsored By
(R) Senate District
Archive: Last Bill Status - In Senate Committee Rules Committee
- Introduced
-
- In Committee Assembly
- In Committee Senate
-
- On Floor Calendar Assembly
- On Floor Calendar Senate
-
- Passed Assembly
- Passed Senate
- Delivered to Governor
- Signed By Governor
Actions
Votes
-
-
-
-
Floor Vote: Jun 15, 2017
aye (60)- Addabbo Jr.
- Akshar
- Alcantara
- Amedore
- Avella
- Benjamin
- Bonacic
- Boyle
- Breslin
- Brooks
- Carlucci
- Comrie
- Croci
- DeFrancisco
- Dilan
- Felder
- Flanagan
- Funke
- Gallivan
- Gianaris
- Golden
- Griffo
- Hamilton
- Hannon
- Helming
- Hoylman-Sigal
- Jacobs
- Kaminsky
- Kennedy
- Klein
- Krueger
- LaValle
- Lanza
- Larkin
- Latimer
- Little
- Marchione
- Montgomery
- Murphy
- O'Mara
- Ortt
- Parker
- Peralta
- Persaud
- Phillips
- Ranzenhofer
- Ritchie
- Rivera
- Robach
- Sanders Jr.
- Savino
- Serino
- Serrano
- Seward
- Squadron
- Stavisky
- Stewart-Cousins
- Tedisco
- Valesky
- Young
excused (3)
-
Jan 22, 2018 - Veterans, Homeland Security And Military Affairs Committee Vote
S92413Aye0Nay0Aye with Reservations0Absent0Excused0AbstainedFeb 13, 2017 - Veterans, Homeland Security And Military Affairs Committee Vote
S92413Aye0Nay0Aye with Reservations0Absent0Excused0AbstainedJun 15, 2017 - Rules Committee Vote
S92425Aye0Nay0Aye with Reservations0Absent0Excused0AbstainedMay 22, 2018 - Finance Committee Vote
S92431Aye2Nay4Aye with Reservations0Absent0Excused0Abstained -
-
co-Sponsors
(R, C, IP, RFM) Senate District
(D) Senate District
(D) Senate District
(R, C, IP) Senate District
(R, C, IP) Senate District
(R, C, IP) Senate District
(R, C, IP) 54th Senate District
(R, C, IP) Senate District
(R, C, IP) Senate District
(R, C, IP) Senate District
(R, C, IP) Senate District
2017-S924 (ACTIVE) - Details
- See Assembly Version of this Bill:
- A3448
- Current Committee:
- Senate Rules
- Law Section:
- Executive Law
- Laws Affected:
- Add §719, Exec L
- Versions Introduced in 2015-2016 Legislative Session:
-
S3407, A6130
2017-S924 (ACTIVE) - Sponsor Memo
BILL NUMBER: S924 TITLE OF BILL : An act to amend the executive law, in relation to a cyber security initiative PURPOSE OR GENERAL IDEA OF BILL : This bill would amend the executive law to establish the New York State Cyber Security Initiative, to create a New York State Cyber Security Advisory Board, a New York Cyber Security Partnership Program, and a New York State Cyber Security Information Sharing Program. SUMMARY OF SPECIFIC PROVISIONS : This bill would add a new section to the executive law to establish the New York State Cyber Security Initiative. Specifically, this new section would: *Make legislative findings; *Define "critical infrastructure and information systems"; *Establish within the division of homeland security (DHSES), a Cyber
Security Advisory Board to make recommendations for protecting the state's critical infrastructure and information systems; *Establish within DHSES, a Cyber Security Sharing and Threat Prevention Program, designed to increase the volume, timeliness, and quality of cyber threat information shared with the public and private sector; and *Require DHSES, in consultation with the State Police, the Office of Information Technology Services, and the Center for Internet Security, to issue a New York State Cyber Security Critical Infrastructure Risk Assessment Report, identifying critical infrastructure and where a cyber security incident could reasonably result in catastrophic regional or state-wide effects on public: health or safety, economic distress, and/or threaten public protection of the people and/or property of New York State. JUSTIFICATION : According to the such entities as the United States Department of Homeland Security, Interpol and the New York State White Collar Crime Task Force, cybercrime is a pervasive and rapidly expanding threat. New York state is particularly at risk to cybercrime due to its status as a global hub of international business and commerce. As most major national and international banks, insurance companies and brokerage houses also have headquarters or a significant presence within the state, such present a particularly attractive target to those who wish to engage in cyber crime or cyber terrorism. By establishing a Cyber Security Advisory Board in state law, New York State can identify ways to protect the state's critical infrastructure and information systems. Innovative, actionable policies developed by the Advisory Board will further ensure that New York state is in the forefront of public cyber security defense. Modeled after a successful federal initiative, the Information Sharing and Threat Prevention Program, established by this bill, seeks to assist both the public and private sector to develop practices that will better protect and defend their interests against cyber threats. Finally, the Risk Assessment Report, required under this legislation, will additionally allow New York, to leverage the expertise and advice of experienced and knowledgeable professionals, to identify security threats that are facing the state and its businesses and citizens, and develop effective ways to combat them. PRIOR LEGISLATIVE HISTORY : This is a new bill. FISCAL IMPLICATIONS : None noted. EFFECTIVE DATE : This act would take effect immediately.
2017-S924 (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 924 2017-2018 Regular Sessions I N S E N A T E January 5, 2017 ___________ Introduced by Sens. CROCI, AKSHAR, AVELLA, DeFRANCISCO, FUNKE, GOLDEN -- read twice and ordered printed, and when printed to be committed to the Committee on Veterans, Homeland Security and Military Affairs AN ACT to amend the executive law, in relation to a cyber security initiative THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. The executive law is amended by adding a new section 719 to read as follows: § 719. NEW YORK STATE CYBER SECURITY INITIATIVE. 1. LEGISLATIVE FIND- INGS. THE LEGISLATURE FINDS AND DECLARES THAT REPEATED CYBER INTRUSIONS INTO CRITICAL INFRASTRUCTURE, EFFECTING GOVERNMENT, PRIVATE SECTOR BUSI- NESS, AND CITIZENS OF THE STATE OF NEW YORK, HAVE DEMONSTRATED THE NEED FOR IMPROVED CYBER SECURITY. THE LEGISLATURE FURTHER FINDS AND DECLARES THAT THIS CYBER THREAT CONTINUES TO GROW AND REPRESENTS ONE OF THE MOST SERIOUS PUBLIC SECURITY CHALLENGES THAT NEW YORK MUST CONFRONT. MOREOVER, THE SECURITY OF THE STATE OF NEW YORK DEPENDS ON THE RELIABLE FUNCTIONING OF NEW YORK STATE'S CRITICAL INFRASTRUCTURE, AND PRIVATE SECTOR BUSINESS INTERESTS, AS WELL AS THE PROTECTION OF THE FINANCES AND INDIVIDUAL LIBERTIES OF EVERY CITIZEN, IN THE FACE OF SUCH THREATS. THE LEGISLATURE ADDITIONALLY FINDS AND DECLARES THAT TO ENHANCE THE SECURITY, PROTECTION AND RESILIENCE OF NEW YORK STATE'S CRITICAL INFRAS- TRUCTURE, AND PRIVATE SECTOR BUSINESS INTERESTS, AS WELL AS THE PROTECTION OF THE FINANCES AND INDIVIDUAL LIBERTIES OF EVERY CITIZEN, THE STATE OF NEW YORK MUST PROMOTE A CYBER ENVIRONMENT THAT ENCOURAGES EFFICIENCY, INNOVATION, AND ECONOMIC PROSPERITY, AND THAT CAN OPERATE WITH SAFETY, SECURITY, BUSINESS CONFIDENTIALITY, PRIVACY, AND CIVIL LIBERTY. THE LEGISLATURE FURTHER FINDS AND DECLARES THAT TO CREATE SUCH A SAFE AND SECURE CYBER ENVIRONMENT FOR GOVERNMENT, PRIVATE SECTOR BUSINESS AND EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted.
LBD02129-01-7 S. 924 2 INDIVIDUAL CITIZENS, NEW YORK MUST ADVANCE, IN ADDITION TO ITS CURRENT EFFORTS IN THIS FIELD, A NEW YORK STATE CYBER SECURITY INITIATIVE, THAT ESTABLISHES A NEW YORK STATE CYBER SECURITY ADVISORY BOARD; A NEW YORK STATE CYBER SECURITY PARTNERSHIP PROGRAM WITH THE OWNERS AND OPERATORS OF CRITICAL INFRASTRUCTURE, PRIVATE SECTOR BUSINESS, ACADEMIA, AND INDI- VIDUAL CITIZENS TO IMPROVE, DEVELOP AND IMPLEMENT RISK-BASED STANDARDS FOR GOVERNMENT, PRIVATE SECTOR BUSINESSES AND INDIVIDUAL CITIZENS; AND A NEW YORK STATE CYBER SECURITY INFORMATION SHARING PROGRAM. 2. CRITICAL INFRASTRUCTURE AND INFORMATION SYSTEMS. AS USED IN THIS SECTION, THE TERM "CRITICAL INFRASTRUCTURE AND INFORMATION SYSTEMS" SHALL MEAN ALL SYSTEMS AND ASSETS, WHETHER PHYSICAL OR VIRTUAL, SO VITAL TO THE GOVERNMENT, PRIVATE SECTOR BUSINESSES AND INDIVIDUAL CITIZENS OF THE STATE OF NEW YORK THAT THE INCAPACITY OR DESTRUCTION OF SUCH SYSTEMS AND ASSETS WOULD HAVE A DEBILITATING IMPACT TO THE SECURITY, ECONOMY, OR PUBLIC HEALTH OF THE INDIVIDUAL CITIZENS, GOVERNMENT, OR PRIVATE SECTOR BUSINESSES OF THE STATE OF NEW YORK. 3. NEW YORK STATE CYBER SECURITY ADVISORY BOARD. (A) THERE SHALL BE WITHIN THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, A NEW YORK STATE CYBER SECURITY ADVISORY BOARD, WHICH SHALL ADVISE THE GOVER- NOR AND THE LEGISLATURE ON DEVELOPMENTS IN CYBER SECURITY AND MAKE RECOMMENDATIONS FOR PROTECTING THE STATE'S CRITICAL INFRASTRUCTURE AND INFORMATION SYSTEMS. (B) THE BOARD MEMBERS SHALL CONSIST OF ELEVEN MEMBERS APPOINTED BY THE GOVERNOR, WITH THREE MEMBERS APPOINTED UPON RECOMMENDATION OF THE TEMPO- RARY PRESIDENT OF THE SENATE, AND THREE MEMBERS APPOINTED AT THE RECOM- MENDATION OF THE SPEAKER OF THE ASSEMBLY. ALL MEMBERS SO APPOINTED SHALL HAVE EXPERTISE IN CYBER SECURITY, TELECOMMUNICATIONS, INTERNET SERVICE DELIVERY, PUBLIC PROTECTION, COMPUTER SYSTEMS AND/OR COMPUTER NETWORKS. (C) THE BOARD SHALL INVESTIGATE, DISCUSS AND MAKE RECOMMENDATIONS CONCERNING CYBER SECURITY ISSUES INVOLVING BOTH THE PUBLIC AND PRIVATE SECTORS AND WHAT STEPS CAN BE TAKEN BY NEW YORK STATE TO PROTECT CRIT- ICAL CYBER INFRASTRUCTURE, FINANCIAL SYSTEMS, TELECOMMUNICATIONS NETWORKS, ELECTRICAL GRIDS, SECURITY SYSTEMS, FIRST RESPONDER SYSTEMS AND INFRASTRUCTURE, PHYSICAL INFRASTRUCTURE SYSTEMS, TRANSPORTATION SYSTEMS, AND SUCH OTHER AND FURTHER SECTORS OF STATE GOVERNMENT AND THE PRIVATE SECTOR AS THE ADVISORY BOARD SHALL DEEM PRUDENT. (D) THE PURPOSE OF THE ADVISORY BOARD SHALL BE TO PROMOTE THE DEVELOP- MENT OF INNOVATIVE, ACTIONABLE POLICIES TO ENSURE THAT NEW YORK STATE IS IN THE FOREFRONT OF PUBLIC CYBER SECURITY DEFENSE. (E) THE MEMBERS OF THE ADVISORY BOARD SHALL RECEIVE NO COMPENSATION FOR THEIR SERVICES, BUT MAY RECEIVE ACTUAL AND NECESSARY EXPENSES, AND SHALL NOT BE DISQUALIFIED FOR HOLDING ANY OTHER PUBLIC OFFICE OR EMPLOY- MENT BY MEANS OF THEIR SERVICE AS A MEMBER OF THE ADVISORY BOARD. (F) THE ADVISORY BOARD SHALL BE ENTITLED TO REQUEST AND RECEIVE, AND SHALL BE PROVIDED WITH, SUCH FACILITIES, RESOURCES AND DATA OF ANY AGEN- CY, DEPARTMENT, DIVISION, BOARD, BUREAU, COMMISSION, OR PUBLIC AUTHORITY OF THE STATE, AS THEY MAY REASONABLY REQUEST, TO CARRY OUT PROPERLY THEIR POWERS, DUTIES AND PURPOSE. 4. NEW YORK STATE CYBER SECURITY INFORMATION SHARING AND ANALYSIS PROGRAM. (A) THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, IN CONSULTATION WITH THE DIVISION OF THE STATE POLICE, THE STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER FOR INTERNET SECURI- TY, SHALL ESTABLISH, WITHIN SIXTY DAYS OF THE EFFECTIVE DATE OF THIS SECTION, A VOLUNTARY NEW YORK STATE CYBER SECURITY INFORMATION SHARING AND ANALYSIS PROGRAM. S. 924 3 (B) IT SHALL BE THE PURPOSE OF THE NEW YORK STATE CYBER SECURITY INFORMATION SHARING AND ANALYSIS PROGRAM TO INCREASE THE VOLUME, TIMELI- NESS, AND QUALITY OF CYBER THREAT INFORMATION SHARED WITH NEW YORK STATE PUBLIC AND PRIVATE SECTOR ENTITIES SO THAT THESE ENTITIES MAY BETTER PROTECT AND DEFEND THEMSELVES AGAINST CYBER THREATS AND TO PROMOTE THE DEVELOPMENT OF EFFECTIVE DEFENSES AND STRATEGIES TO COMBAT, AND PROTECT AGAINST, CYBER THREATS AND ATTACKS. (C) TO FACILITATE THE PURPOSES OF THE NEW YORK STATE CYBER SECURITY INFORMATION SHARING AND ANALYSIS PROGRAM, THE DIVISION OF HOMELAND SECU- RITY AND EMERGENCY SERVICES, SHALL PROMULGATE REGULATIONS, IN ACCORDANCE WITH THE PROVISIONS OF THIS SUBDIVISION. (D) THE REGULATIONS SHALL PROVIDE FOR THE TIMELY PRODUCTION OF UNCLAS- SIFIED REPORTS OF CYBER THREATS TO NEW YORK STATE AND ITS PUBLIC AND PRIVATE SECTOR ENTITIES, INCLUDING THREATS THAT IDENTIFY A SPECIFIC TARGETED ENTITY. (E) THE REGULATIONS SHALL ADDRESS THE NEED TO PROTECT INTELLIGENCE AND LAW ENFORCEMENT SOURCES, METHODS, OPERATIONS, AND INVESTIGATIONS, AND SHALL FURTHER ESTABLISH A PROCESS THAT RAPIDLY DISSEMINATES THE REPORTS PRODUCED PURSUANT TO PARAGRAPH (D) OF THIS SUBDIVISION, TO BOTH ANY TARGETED ENTITY AS WELL AS SUCH OTHER AND FURTHER PUBLIC AND PRIVATE ENTITIES AS THE DIVISION SHALL DEEM NECESSARY TO ADVANCE THE PURPOSES OF THIS SUBDIVISION. (F) THE REGULATIONS SHALL PROVIDE FOR PROTECTIONS FROM LIABILITY FOR ENTITIES SHARING AND RECEIVING INFORMATION WITH THE NEW YORK STATE CYBER SECURITY INFORMATION AND ANALYSIS PROGRAM, SO LONG AS THE ENTITY ACTED IN GOOD FAITH. (G) THE REGULATIONS SHALL FURTHER ESTABLISH A SYSTEM FOR TRACKING THE PRODUCTION, DISSEMINATION, AND DISPOSITION OF THE REPORTS PRODUCED IN ACCORDANCE WITH THE PROVISIONS OF THIS SUBDIVISION. (H) THE REGULATIONS SHALL ALSO ESTABLISH AN ENHANCED CYBER SECURITY SERVICES PROGRAM, WITHIN NEW YORK STATE, TO PROVIDE FOR PROCEDURES, METHODS AND DIRECTIVES, FOR A VOLUNTARY INFORMATION SHARING PROGRAM, THAT WILL PROVIDE CYBER THREAT AND TECHNICAL INFORMATION COLLECTED FROM BOTH PUBLIC AND PRIVATE SECTOR ENTITIES, TO SUCH PRIVATE AND PUBLIC SECTOR ENTITIES AS THE DIVISION DEEMS PRUDENT, TO ADVISE ELIGIBLE CRIT- ICAL INFRASTRUCTURE COMPANIES OR COMMERCIAL SERVICE PROVIDERS THAT OFFER SECURITY SERVICES TO CRITICAL INFRASTRUCTURE ON CYBER SECURITY THREATS AND DEFENSE MEASURES. (I) THE REGULATIONS SHALL ALSO SEEK TO DEVELOP STRATEGIES TO MAXIMIZE THE UTILITY OF CYBER THREAT INFORMATION SHARING BETWEEN AND ACROSS THE PRIVATE AND PUBLIC SECTORS, AND SHALL FURTHER SEEK TO PROMOTE THE USE OF PRIVATE AND PUBLIC SECTOR SUBJECT MATTER EXPERTS TO ADDRESS CYBER SECU- RITY NEEDS IN NEW YORK STATE, WITH THESE SUBJECT MATTER EXPERTS PROVID- ING ADVICE REGARDING THE CONTENT, STRUCTURE, AND TYPES OF INFORMATION MOST USEFUL TO CRITICAL INFRASTRUCTURE OWNERS AND OPERATORS IN REDUCING AND MITIGATING CYBER RISKS. (J) THE REGULATIONS SHALL FURTHER SEEK TO ESTABLISH A CONSULTATIVE PROCESS TO COORDINATE IMPROVEMENTS TO THE CYBER SECURITY OF CRITICAL INFRASTRUCTURE, WHERE AS PART OF THE CONSULTATIVE PROCESS, THE PUBLIC AND PRIVATE ENTITIES OF THE STATE OF NEW YORK SHALL ENGAGE AND CONSIDER THE ADVICE OF THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, THE DIVISION OF THE STATE POLICE, THE STATE OFFICE OF INFORMATION TECH- NOLOGY SERVICES, THE CENTER FOR INTERNET SECURITY, THE NEW YORK STATE CYBER SECURITY ADVISORY BOARD, THE PROGRAMS ESTABLISHED BY THIS SUBDIVI- SION, AND SUCH OTHER AND FURTHER PRIVATE AND PUBLIC SECTOR ENTITIES, S. 924 4 UNIVERSITIES, AND CYBER SECURITY EXPERTS AS THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES MAY DEEM PRUDENT. (K) THE REGULATIONS SHALL FURTHER SEEK TO ESTABLISH A BASELINE FRAME- WORK TO REDUCE CYBER RISK TO CRITICAL INFRASTRUCTURE, AND SHALL SEEK TO HAVE THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, IN CONSULTATION WITH THE DIVISION OF STATE POLICE, THE STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER FOR INTERNET SECURITY, LEAD THE DEVELOPMENT OF A VOLUNTARY FRAMEWORK TO REDUCE CYBER RISKS TO CRITICAL INFRASTRUCTURE, TO BE KNOWN AS THE CYBER SECURITY FRAMEWORK, WHICH SHALL: (I) INCLUDE A SET OF STANDARDS, METHODOLOGIES, PROCEDURES, AND PROC- ESSES THAT ALIGN POLICY, BUSINESS, AND TECHNOLOGICAL APPROACHES TO ADDRESS CYBER RISKS; (II) INCORPORATE VOLUNTARY CONSENSUS STANDARDS AND INDUSTRY BEST PRAC- TICES TO THE FULLEST EXTENT POSSIBLE; (III) PROVIDE A PRIORITIZED, FLEXIBLE, REPEATABLE, PERFORMANCE-BASED, AND COST-EFFECTIVE APPROACH, INCLUDING INFORMATION SECURITY MEASURES AND CONTROLS, TO HELP OWNERS AND OPERATORS OF CRITICAL INFRASTRUCTURE IDEN- TIFY, ASSESS, AND MANAGE CYBER RISK; (IV) FOCUS ON IDENTIFYING CROSS-SECTOR SECURITY STANDARDS AND GUIDE- LINES APPLICABLE TO CRITICAL INFRASTRUCTURE; (V) IDENTIFY AREAS FOR IMPROVEMENT THAT SHOULD BE ADDRESSED THROUGH FUTURE COLLABORATION WITH PARTICULAR SECTORS AND STANDARDS-DEVELOPING ORGANIZATIONS; (VI) ENABLE TECHNICAL INNOVATION AND ACCOUNT FOR ORGANIZATIONAL DIFFERENCES, TO PROVIDE GUIDANCE THAT IS TECHNOLOGY NEUTRAL AND THAT ENABLES CRITICAL INFRASTRUCTURE SECTORS TO BENEFIT FROM A COMPETITIVE MARKET FOR PRODUCTS AND SERVICES THAT MEET THE STANDARDS, METHODOLOGIES, PROCEDURES, AND PROCESSES DEVELOPED TO ADDRESS CYBER RISKS; (VII) INCLUDE GUIDANCE FOR MEASURING THE PERFORMANCE OF AN ENTITY IN IMPLEMENTING THE CYBER SECURITY FRAMEWORK; (VIII) INCLUDE METHODOLOGIES TO IDENTIFY AND MITIGATE IMPACTS OF THE CYBER SECURITY FRAMEWORK AND ASSOCIATED INFORMATION SECURITY MEASURES OR CONTROLS ON BUSINESS CONFIDENTIALITY, AND TO PROTECT INDIVIDUAL PRIVACY AND CIVIL LIBERTIES; AND (IX) ENGAGE IN THE REVIEW OF THREAT AND VULNERABILITY INFORMATION AND TECHNICAL EXPERTISE. (L) THE REGULATIONS SHALL ADDITIONALLY ESTABLISH A VOLUNTARY CRITICAL INFRASTRUCTURE CYBER SECURITY PROGRAM TO SUPPORT THE ADOPTION OF THE CYBER SECURITY FRAMEWORK BY OWNERS AND OPERATORS OF CRITICAL INFRASTRUC- TURE AND ANY OTHER INTERESTED ENTITIES, WHERE UNDER THIS PROGRAM IMPLE- MENTATION GUIDANCE OR SUPPLEMENTAL MATERIALS WOULD BE DEVELOPED TO ADDRESS SECTOR-SPECIFIC RISKS AND OPERATING ENVIRONMENTS, AND RECOMMEND LEGISLATION FOR ENACTMENT TO ADDRESS CYBER SECURITY ISSUES. (M) IN DEVELOPING THE NEW YORK STATE CYBER SECURITY INFORMATION SHAR- ING AND ANALYSIS PROGRAM IN ACCORDANCE WITH THE PROVISIONS OF THIS SUBDIVISION, THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, IN CONSULTATION WITH THE DIVISION OF STATE POLICE, THE STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER FOR INTERNET SECURITY, SHALL PRODUCE AND SUBMIT A REPORT, TO THE GOVERNOR, THE TEMPORARY PRESI- DENT OF THE SENATE, AND THE SPEAKER OF THE ASSEMBLY, MAKING RECOMMENDA- TIONS ON THE FEASIBILITY, SECURITY BENEFITS, AND RELATIVE MERITS OF INCORPORATING SECURITY STANDARDS INTO ACQUISITION PLANNING AND CONTRACT ADMINISTRATION. SUCH REPORT SHALL FURTHER ADDRESS WHAT STEPS CAN BE TAKEN TO HARMONIZE AND MAKE CONSISTENT EXISTING PROCUREMENT REQUIREMENTS S. 924 5 RELATED TO CYBER SECURITY AND THE FEASIBILITY OF INCLUDING RISK-BASED SECURITY STANDARDS INTO PROCUREMENT AND CONTRACT ADMINISTRATION. 5. NEW YORK STATE CYBER SECURITY CRITICAL INFRASTRUCTURE RISK ASSESS- MENT REPORT. (A) THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, IN CONSULTATION WITH THE DIVISION OF STATE POLICE, THE STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES, AND THE CENTER FOR INTERNET SECURITY, WITHIN ONE HUNDRED TWENTY DAYS OF THE EFFECTIVE DATE OF THIS SECTION, SHALL PRODUCE A NEW YORK STATE CYBER SECURITY CRITICAL INFRAS- TRUCTURE RISK ASSESSMENT REPORT. (B) THE PRODUCTION OF THE NEW YORK STATE CYBER SECURITY CRITICAL INFRASTRUCTURE RISK ASSESSMENT REPORT SHALL USE A RISK-BASED APPROACH TO IDENTIFY CRITICAL INFRASTRUCTURE WHERE A CYBER SECURITY INCIDENT COULD REASONABLY RESULT IN CATASTROPHIC REGIONAL OR STATE-WIDE EFFECTS ON PUBLIC HEALTH OR SAFETY, ECONOMIC DISTRESS, AND/OR THREATEN PUBLIC PROTECTION OF THE PEOPLE AND/OR PROPERTY OF NEW YORK STATE. (C) THE PRODUCTION OF THE REPORT SHALL FURTHER USE THE CONSULTATIVE PROCESS AND DRAW UPON THE EXPERTISE OF AND ADVICE OF THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES, THE DIVISION OF STATE POLICE, THE STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES, THE CENTER FOR INTERNET SECURITY, THE NEW YORK STATE CYBER SECURITY ADVISORY BOARD, THE PROGRAMS ESTABLISHED BY THIS SECTION, AND SUCH OTHER AND FURTHER PRIVATE AND PUBLIC SECTOR ENTITIES, UNIVERSITIES, AND CYBER SECURITY EXPERTS AS THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES MAY DEEM PRUDENT. (D) THE NEW YORK STATE CYBER SECURITY CRITICAL INFRASTRUCTURE RISK ASSESSMENT REPORT SHALL BE DELIVERED TO THE GOVERNOR, THE TEMPORARY PRESIDENT OF THE SENATE, THE SPEAKER OF THE ASSEMBLY, THE CHAIR OF THE SENATE STANDING COMMITTEE ON VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS, AND THE CHAIR OF THE ASSEMBLY STANDING COMMITTEE ON GOVERN- MENTAL OPERATIONS. (E) WHERE COMPLIANCE WITH THIS SECTION SHALL REQUIRE THE DISCLOSURE OF CONFIDENTIAL INFORMATION, OR THE DISCLOSURE OF SENSITIVE INFORMATION WHICH IN THE JUDGMENT OF THE COMMISSIONER OF THE DIVISION OF HOMELAND SECURITY AND EMERGENCY SERVICES WOULD JEOPARDIZE THE CYBER SECURITY OF THE STATE: (I) SUCH CONFIDENTIAL OR SENSITIVE INFORMATION SHALL BE PROVIDED TO THE PERSONS ENTITLED TO RECEIVE THE REPORT, IN THE FORM OF A SUPPLE- MENTAL APPENDIX TO THE REPORT; AND (II) SUCH SUPPLEMENTAL APPENDIX TO THE REPORT SHALL NOT BE SUBJECT TO THE PROVISIONS OF THE FREEDOM OF INFORMATION LAW PURSUANT TO ARTICLE SIX OF THE PUBLIC OFFICERS LAW; AND (III) THE PERSONS ENTITLED TO RECEIVE THE REPORT MAY DISCLOSE THE SUPPLEMENTAL APPENDIX TO THE REPORT TO THEIR PROFESSIONAL STAFF, BUT SHALL NOT OTHERWISE PUBLICLY DISCLOSE SUCH CONFIDENTIAL OR SECURE INFOR- MATION. § 2. This act shall take effect immediately.
Comments
Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.
Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.
Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.