New York Gov. Kathy Hochul announced the first-ever statewide cybersecurity strategy aimed at protecting the State’s digital infrastructure from today’s cyber threats.

The Strategy articulates, for the first time, a set of high-level objectives for cybersecurity and resilience across New York. It clarifies agency roles and responsibilities, outlines how existing and planned initiatives and investments knit together into a unified approach, and reiterates the State's commitment to providing services, advice, and assistance to county and local governments.

New York State’s cybersecurity strategy provides public and private stakeholders with a roadmap for cyber risk mitigation and outlines a plan to protect critical infrastructure, networks, data, and technology systems.

"Our interconnected world demands an interconnected defense leveraging every resource available," Gov. Hochul said. "This strategy sets forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyber threats."  

New York’s Strategy

The strategy unifies New York’s cybersecurity services to safeguard critical infrastructure, personal information, and digital assets from malicious actors. It also provides a framework to align the actions and resources of both private and public stakeholders, including county and other local governments.

New York's cybersecurity strategy is not just about protecting our digital assets. It is about ensuring the safety and security of all New Yorkers and maintaining the ability to function and thrive in the digital age. This strategy highlights the Governor's commitment to cybersecurity, not just for State Government systems but for New Yorkers everywhere, as a core responsibility of the State.

The Announcement

Gov. Hochul announced her commitment to bolster New York State’s centralized cybersecurity during this year’s State of the State address. The historic $90 million investment for cybersecurity included in the Fiscal Year 2024 Budget made $30 million in shared services funding available to assist local governments in strengthening their own defenses against cyber threats.

The initiative signaled a new and stronger collaboration between the state and its local governments on this critical and evolving issue. A part of this strategy includes providing $500 million to enhance New York State’s healthcare information technology and primarily cybersecurity infrastructure, as well as $7.4 million to expand the New York State Police’s Cyber Analysis Unit, Computer Crimes Unit, and Internet Crimes Against Children Center.

The state’s comprehensive cybersecurity strategy is defined by three central principles:

• Unification

• Resilience

• Preparedness

When taken together, New York State can lean on these tenets to present a unified and more resilient defense against new and more sophisticated cyber threats; preventing the vast majority of attacks but also isolating, controlling, and mitigating potential threats; and preparing, adapting, and always being ready for the cyber challenges of the future. The strategy offers a blueprint for cybersecurity stakeholders across New York, from State agencies to local governments, to understand how they fit into a larger plan. The blueprint provides objectives, lines of effort, and a commitment from the Governor that they can use when doing future planning and program design.

Gov. Hochul also signed legislation to expand New York's technology talent pool and provide funding to help ensure that New York-based employers are able to hire and retain necessary cybersecurity personnel. She acknowledged the importance of strengthening this sector during the announcement, which was attended by recent graduates of the MTA’s Operational Technology Cybersecurity Program.