Senator Patrick M. Gallivan (R-C-I, Elma) says the New York State Senate has passed legislation to strengthen New York’s cyber security measures to combat cyber terrorism. The bills would help advance protocols to protect state assets, facilitate the sharing of information about threats, and secure the state’s cyber systems.
“Cyber terrorism is a threat that demands our full attention,” Gallivan said. “This legislation will help secure our power grid, water systems and other critical infrastructure. It also requires various state agencies to share information about threats and security needs to better protect all New Yorkers from the threat posed by cyber terrorists.”
A bill (S3407A) would establish the New York State Cyber Security Initiative to ensure that the state has a proper cyber security defense system in place. It includes:
- The New York State Cyber Security Sharing and Threat Prevention Program to increase the quality and readiness of cyber threat information that will be shared by the state with the public and private sectors;
- A New York State Cyber Security Partnership Program to improve, develop, and implement risk-based standards for government, private sector businesses, and individual citizens; and
- The New York State Cyber Security Advisory Board, to assist the state in making recommendations and finding ways to protect its critical infrastructure and information systems.
Another bill (S3405A) would require the Division of Homeland Security and Emergency Services to work with the Superintendent of State Police, the Chief Information Officer, and the President of the Center for Internet Security to complete a comprehensive review of New York’s cyber security measures every five years and create a report to summarize its findings. The report would identify the state’s security needs and detail how those needs are being met to ensure that the best security practices are in place to protect New Yorkers from cyber terrorism.
The Senate also passed a measure (S3406) that would create a new crime if someone uses a computer or device to carry out a cyber attack that causes financial harm in excess of $100,000 to another person, partnership, or corporation. It also strengthens penalties for the crime of criminal possession of computer related material.
Earlier this year the Senate passed a bill (S3404) that would create new penalties for a variety of cyber crimes. Under the measure, it would be a Class A felony for any person found guilty of intimidating, coercing, or affecting the public or a government entity by causing mass injury, damage, or debilitation of people or their property, including computers and related programs, data network, or material. A new Class C felony would include anyone who uses a computer to cause serious financial harm affecting more than 10 people.
All bills have been sent to the Assembly.