The Green Sheet Online Edition
October 10, 2016 • Issue 16:10:01
New York set to enact cybersecurity law
New York State Governor Andrew Cuomo, in cooperation with the state's Department of Financial Services (DFS), proposed legislation requiring New York banks, insurance companies and financial institutions to implement cybersecurity programs aimed at protecting consumers and the financial services sector. Introduced Sept. 13, 2016, the bill will be subject to a 45-day public comment period prior to being enacted into law.
Cuomo called New York the financial capital of the world and said it leads the nation in protecting the U.S. financial system and consumers from economic harm by rogue state-sponsored organizations, global terrorist networks and other criminal enterprises. "This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible," he stated.
Cuomo's interest in protecting individuals and businesses from the scourge of cybercrime dates to 2011, when he was first elected to office, according to Mahesh Nattanmai, Executive Deputy Chief Information Officer in New York's Office of Information Technology Services. Nattanmai is leading efforts to streamline and improve consumer access to government services. "We have to know what we run, what we own," he said. "We need to take standardization as our first step, then get into security and transforming the applications."
To gain insight into what will be required to consistently safeguard sensitive information, the state surveyed nearly 200 banks and insurance companies regarding their data security practices. The agency also met with cybersecurity experts to explore the evolving threat landscape and due diligence processes, policies and procedures related to working with third-party solutions providers. Three reports resulting from these meetings, along with the surveys, were used in the rulemaking process, the DFS stated.
In June 2016, leading security analysts were among 1,200 attendees at the 19th annual New York State Cyber Security Conference, held in Albany, N.Y. The event, co-hosted by the New York State Office of Information Technology Services, the NYS Forum Inc. and the State University of New York's Albany School of Business, highlighted New York's continuing commitment to improving security awareness, education and best practices. A threat simulation exercise enabled attendees to role-play incident response scenarios. Additional presentations and breakout sessions addressed a range of issues facing end users and IT professionals.
"Consumers must be confident that their sensitive nonpublic information is being protected and handled appropriately by the financial institutions that they are doing business with," said DFS Superintendent Maria T. Vullo. "Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks."
New York was the first state to introduce cybersecurity regulations. If the regulations are enacted, a Chief Information Security Officer will be appointed to oversee and enforce policies and procedures. The regulations are designed to be flexible and promote innovation. Additional information is available at www.governor.ny.gov/sites/governor.ny.gov/files/atoms/files/DFSCybersecurityRegulations.pdf.
October 2016 will mark the 13th anniversary of National Cyber Security Awareness Month, a public effort to raise cyber security awareness in public and private sectors. The multi-agency initiative is co-sponsored by the U.S. Department of Homeland Security, National Cyber Security Alliance, National Association of State Chief Information Officers and Multi-State Information Sharing and Analysis Center.