This release was originally distributed by the Governor's Press Office. The original can be viewed on the Governor's website.
Governor Kathy Hochul today announced the start of New York State's $30 million shared services program designed to assist counties with cybersecurity for government systems across the state, including tools to protect against ransomware attacks. Today's announcement complements the work of the State's recently announced Joint Security Operations Center in Brooklyn, the nation's first-of-its-kind cyber command center that houses cybersecurity assets from multiple levels of government partners under one roof.
"My administration is laser focused on providing cyber security resources for local governments," Governor Hochul said. "By launching this new $30 million program, we are bolstering the state's capabilities to respond to the evolving threat of cyberattacks and strengthening our ability to protect New York's institutions, infrastructure, citizens and public safety."
"As ransomware attacks become more frequent, it is essential for us to protect sensitive information at local governments across the state," said Lieutenant Governor Antonio Delgado. "The shared services program will provide counties with the assistance and support they need to enhance their cyber defenses."
As part of the shared services program, New York's counties and the State's initial JSOC partners: the Cities of Albany, Buffalo, Syracuse, Rochester, and Yonkers, will be offered CrowdStrike endpoint detection and response (EDR) services at no cost to them. EDR is a technology used to protect endpoints, often computers or servers, by monitoring and reacting to cyber threats in real-time. These services can protect entire networks by detecting and isolating a compromised endpoint and will enable New York State cyber security teams to effectively track sophisticated attacks and promptly uncover incidents, as well as triage, validate and prioritize them, leading to faster and more precise remediation.
The JSOC is taking a centralized approach to managing cyber security risk, as the interconnected nature of the state's networks and IT programs can lead to an attack spreading quickly across the state. By opting-in for these services, counties will contribute to enhancing security of government assets throughout New York State. These services will be provided to counties, and the cities mentioned above, at no cost to them, thanks to the State's consolidated licensing and economies of scale. Many local governments currently do not have resources necessary to protect their systems from cyberattacks and ransomware, including systems which provide critical services such as healthcare, emergency management, utility services as well as law enforcement.
State Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, "We know local governments remain vulnerable to cyberattacks which can cripple critical systems that New Yorkers rely upon. As part of the Governor's shared services plan, we are now offering reliable protection services to every county in the state. This is an important step forward in enhancing our cyber defenses and building out our JSOC partnerships."
New York State Chief Information Officer and Director of the Office of Information Technology Services Angelo Riddick said, "Since her very first day in office, Governor Hochul has prioritized doing everything possible to create a more robust cybersecurity posture across all levels of government. Whether it is shining a bright light on the threats that exist, establishing the Joint Security Operations Center, or advancing this shared services initiative to assist local governments in securing endpoint detection to better defend their own assets, New York State is clearly all-in when it comes to cybersecurity. With ITS charged by statute with safeguarding the state's systems and its data, we know the threats are more numerous and more sophisticated than ever, and we understand the stakes. I commend the Governor for her ongoing and steadfast commitment to finding real solutions that protect all New Yorkers."
New York State Chief Cyber Officer Colin Ahern said, "Today's announcement is an important step forward in bolstering our statewide cybersecurity infrastructure. I thank Governor Hochul for her commitment to leading the nation on cybersecurity and we are excited to partner with our colleagues in local government on this shared services program strengthening our overall cyber defenses."
University at Albany's Center for Technology in Government Program Director and Founder of the NYS City CIO Workgroup Meghan Cook said, "CTG UAlbany has been the hub of IT and security information sharing among NYS state and local governments for over 25 years and with the increased attention on building cyber capabilities among county, city, town, and village leaders, this well-crafted endpoint and secure operations shared service is a welcome and strategic investment. NYS DHSES and NYS ITS continue to work collaboratively with local government leaders, matching valuable resources and opportunities and ultimately strengthening NYS's whole of state approach to cybersecurity. "
New York State Association of Counties Executive Director Stephen Acquario said, "Every day, local governments across the state face cyber-attacks that can result in hundreds of thousands of dollars in damages and put critical local services - like public health and safety - in jeopardy. Every level of government needs to be working together to counter this threat and counties applaud Governor Hochul for providing local governments with this investment in the state of the art resources we need to ensure New Yorkers' data is safe and that our local agencies can provide the services our residents rely on. We look forward to continuing to work with Governor Hochul and the State Division of Homeland Security and Emergency Services to expand our understanding of what local governments need to better protect public assets from cyber-attacks."
New York State Local Government Information Technology Directors Association (NYSLGITDA) President Paul Lutwak said, "New York State's formation of a Joint Security Operations Center (JSOC) along with a large investment in cyber defense has the potential to be a game-changer for counties and municipalities statewide. Most counties can't possibly afford all of the defense systems needed to protect our networks and data, and no single county can do what the state can do: Get excellent deals on resources, such as the endpoint antivirus protection JSOC is purchasing for us; track data and detect trends across the whole state; and provide an early warning system when cyber threats are imminent. This statewide approach to cybersecurity makes sense, saves money, and will help us establish a strong defense. NYSLGITDA looks forward to working collaboratively with the NYS ITS and the NYS Division of Homeland Security and Emergency Services to refine this essential service and make it all that it can be."
CrowdStrike Chief Security Officer and President of Services Shawn Henry said, "The endpoint continues to expand as an increased area of risk, and CrowdStrike's industry-leading technology provides teams with actionable intelligence to uncover hidden adversaries, triage threats faster and decisively remediate cyber incidents. Through the JSOC, cities and counties across New York State will now be empowered with CrowdStrike's unparalleled technology to stop threats in their tracks. Our comprehensive platform approach will help to share crucial intelligence and security data to improve coordination across the state and keep bad actors off networks for good. We look forward to serving the people of New York as a key partner in the fight against cyber threats."
The JSOC, announced earlier this year by Governor Hochul, is headquartered in Brooklyn and staffed by both physical and virtual participants from across the state. The center is designed to improve defenses by allowing cyber teams to have a centralized viewpoint of threat data, resulting in better collaboration between government partners on intelligence, response times and remediation in the event of a cyber incident.
The New York State Office of Information Technology Services (ITS) was created in 2012 to transform IT services in an effort to make New York State government work smarter for its citizens and enable the state to be accessible for businesses through the use of technology. ITS provides statewide IT strategic direction, directs IT policy and delivers centralized IT products and services that support the mission of the State. ITS operates data centers 24 hours a day, 365 days a year to support statewide mission-critical applications for over 50 Agencies, over 17 million citizen accounts, 120,000 employee accounts, 60,000 phones, 99,000 desktops and laptops, and 3,433 Virtual Desktop remote connections. ITS operates a secure network of over 1,600 miles of fiber to deliver telecommunications, Internet and Intranet services, enterprise email systems and support, IT training, networking, data storage and processing to State government entities in addition to developing new services in support of citizens, businesses and State Agencies.