The New York JSOC Will Serve as a First-of-its-Kind Hub for Data Sharing and Cyber Coordination Across New York State, New York City, the Five Major Upstate Cities, Local and Regional Governments, Critical Infrastructure and Federal Partners

Announcement Builds on Governor Hochul’s Unprecedented $61.9 Million Investment in the State’s Cybersecurity Infrastructure as Part of FY23 Budget

Governor Proposes Historic New $30 Million Program for Localities to Help Bolster Cyber Defenses Statewide

As reports have come in about cyberattacks to cripple Ukraine, New York State Governor Kathy Hochul announced the creation of a Joint Security Operations Center in Brooklyn that will serve as the nerve center for joint local, state and federal cyber efforts, including data collection, response efforts and information sharing.  A partnership  launched with New York City Mayor Eric Adams, Albany Mayor Kathy Sheehan, Syracuse Mayor Ben Walsh, Buffalo Mayor Byron Brown, Rochester Mayor Malik Evans, Yonkers Mayor Mike Spano, and cyber leaders across the state, the JSOC is the nation’s first-of-its-kind cyber command center that will provide a statewide view of the cyber-threat landscape and improve coordination on threat intelligence and incident response.

“There is a new type of emerging risk that threatens our daily lives, and just as we improved our physical security infrastructure in the aftermath of 9/11, we must now transform how we approach cybersecurity with that same rigor and seriousness,” Governor Hochul said. “I’m proud to announce this dynamic and innovative partnership to establish the Joint Security Operations Center in collaboration with New York City, our upstate cities, and government and business leaders across the state. Cybersecurity has been a priority for my administration since Day 1, and this command center will strengthen our ability to protect New York’s institutions, infrastructure, our citizens and public safety.” 

This innovative collaboration has been months in the making and is the result of Governor Hochul and her team’s early vision and commitment to enhancing the State’s cybersecurity posture. No other state has brought together cybersecurity teams in a shared command space at this scale including federal, state, city, and county governments, critical businesses and utilities, and state entities like Division of Homeland Security and Emergency Services, Office of Information Technology Services, New York State Police, MTA, Port Authority of New York and New Jersey, the New York Power Authority, among others.

New York’s leadership in finance, energy, transportation, healthcare, and other critical fields makes the State an attractive target for cyberattacks that can disrupt operations, including critical infrastructure and services to citizens. While government entities across the State have historically taken an independent approach to cyber defense and protecting the safety of their technology assets, acting alone is no longer optimal. As the frequency and sophistication of cyberattacks have grown, so too has the need for a “whole of government” approach.

The JSOC, headquartered in Brooklyn and staffed by both physical and virtual participants from across the state, will improve defenses by allowing cyber teams to have a centralized viewpoint of threat data. This will yield better collaboration on threat intelligence, reduction in response time, and quicker remediation in the event of a major cyber incident. It will help participating entities respond to potential issues and elevate systemic trends that may have otherwise gone undetected. This approach leverages all the cyber defense assets at the state, city, local and authority-level under one umbrella.

New York State will collaborate with city and regional leaders on cyber trainings and exercises as the JSOC becomes operational over the coming months. The Governor and her team will continue ongoing conversations with the White House and federal partners to ensure coordination.

This builds on Governor Hochul’s historic proposal in this year’s budget for investment in New York State’s cyber protections, which includes $61.9 million for cybersecurity, doubling the previous investment. These investments will fund critical protections, including the expansion of the state’s cyber Red Team program to provide additional penetration testing, an expanded phishing exercise program, vulnerability scanning and additional cyber incident response services. These investments help ensure that if one part of the network is attacked, the State can isolate and protect the rest of the system.

As part of this proposal, the Governor is also proposing a $30 million “shared services” program to help local governments and other regional partners acquire and deploy high quality cybersecurity services to bolster their cyber defenses. The interconnected nature of the state’s networks and IT programs means that attacks can quickly spread across the state. Many government entities often do not have the funding or resources necessary to protect their systems, some which provide critical services like healthcare, law enforcement, emergency management, water treatment, and unemployment insurance, to name a few. 

In remarks announcing the new cybersecurity effort, Governor Hochul said, “Given the increasingly volatile geopolitical circumstances with Russia and Ukraine. And we just heard from President Biden moments ago on the advancing troops from Russia, we can no longer act independently. And that has been the case where the state of New York has its plan. City of New York has a plan. Our mayors, our local governments throughout the state of New York. And that is not sustainable in light of the threats that we’re seeing. And we can’t expect cities and counties to go it alone. They don’t have the resources, they don’t have the technological know-how and we’re rethinking our entire approach to cybersecurity really based on the model that was put together after 9/11, when we had a fight and talk about how we can bring people together for our physical security. And that was the genesis of the joint terrorism task force…

We realized that we’re only as strong as our weakest link and the synergy between even our local governments, our cities, and our counties, they’re connected to our state operations. So an attack on them could lead to a larger attack and disruption of service from the state as well. So again, breaking down the silos, the data sharing that has not gone on and bringing it together under one place, and we can strengthen our defenses exponentially.

“And we all know that cyber criminals are relentless. They are motivated, whether they’re state actors, whether they’re rogue individuals, they’re trying to disrupt our operations. Their intent is truly malicious, and that’s why we want to take serious steps here today.

“They’re trying to disrupt our systems and sometimes even extort us for money. And we’ve seen that with hospitals and schools and universities in our own state. And in fact that right now, even costs us $5 to $10 billion a year annually. And just in the last year, 2020 to 21, we’ve had actually 85 serious attacks. And this is even before we’re dealing with the geopolitical situation that I referenced earlier.

“So we know cyber-attacks will continue to happen. And in the long term, this joint security operation, which we call JSOC, you always have to have an acronym if you’re talking about anything in law enforcement, JSOC, this’ll be the tip of the spear for our cybersecurity operations in the state.

“So we know cyber-attacks will continue to happen. And in the long term, this joint security operation, which we call JSOC, you always have to have an acronym if you’re talking about anything in law enforcement, JSOC, this’ll be the tip of the spear for our cybersecurity operations in the state.

“And here we are at 11 MetroTech. And again, this will allow us to have a statewide view and operation sharing. They’ll be doing tabletop exercises. They’ll be working closely together. And I have to tell you, this is absolutely unprecedented. I anticipate that this will be a model for other states. Other areas should be dealing with the same sense of urgency that we [bring] to this. But we know New York state, New York City, we are always going to be in the line of sight for the terrorists and those who want to disrupt our way of life. And knowing that we are the epicenter of financial institutions, and our operations are large infrastructure, and our transportation systems, the MTA, the Port Authority. So that is why we were working so closely with them. And I want to thank Mayor Adams and Chief Technology Officer, Matt Fraser for their partnership.

“We just had a tour of the facility. It is state-of-the-art. This, again, is an incredible model of what collaboration and partner looks like as well. As I mentioned, Albany Mayor Sheehan and, Mayor Spano, who’ve traveled here together today. So this is what collaboration looks like. Physically here, but also we have to put money behind this. And I realized as Governor, and I started asking questions about what we’ve done, where our investments have been, they have been lacking. And I’m proud that my administration is proposing a historic $62 million investment in cybersecurity. More than double what has been spent in previous years and making sure that we have the resource.”

Local governments will get $30 million to buy, at a subsidized price, the technological know-how they need to defend themselves.

Hochul said the state would also be increasing the number of cybersecurity professionals in the state’s workforce, with a plan to hire 70 immediately. “We’re going to be aggressive about identifying cybersecurity individuals who are early in their careers through our Excelsior Fellows program. Also mid-year technologists who have specialties in this, offering them 18 months deployments to become embedded with these operations right here, an incredible experience for them and we’ll take from their experience as well.”

SUNY and CUNY systems are also primed to be training the next generation of professionals. The College Of Emergency Preparedness and Homeland Security at the University of Albany is the first of its kind in the nation. “We need to replicate this. So we have cybersecurity degrees all over the State of New York. These are our ways that we’re going to be attracting more people getting more talent here and using, the very best and the brightest that we can to address this threat.”

Hochul added, “This is also an individual challenge. And I’m afraid that many of members of the public become desensitized when they say, well, ‘You need to make sure that you have a strong passwords and multifactor authentication,’ which people not even quite sure what that means. You need to protect yourself and change your passwords. Be prepared. Act as if you know that attack is coming, because if it comes and you’re not ready, it can be devastating. Your access to your money, your ability to make purchases. You do not want to be there at a place where you would say to yourself, ‘I wish I had taken steps.’

“This is the warning. This is the warning in light of what’s happening globally. This is what is happening, throughout a normal course of our years, as we’ve seen with these attacks, we’ve experienced over the last decade. And so, now is the time for New Yorkers to be prepared. And those of us with older parents or grandparents, tell them not to open up an email if they do not know, it’s not pictures from their grandchildren, don’t open it up. Because there really is a lot of phishing going on, a lot of opportunities for people to really take your personal information and use it in nefarious ways. And so we want to make sure that our older loved ones hear this warning, understand what they need to do, or not do, in a circumstance that we’re describing here as well.

“So, I’ll close by saying the threat of cyber-attacks is very real. Particularly now, that is the warning we’re receiving out of Washington, particularly for a place like New York, and therefore our state and our cities will be taking a leading role in fortifying our defenses in the battlefield against cyber warfare.

“And we will be as relentless in our defense as the criminals are in their aggression. Mark my words, we will thwart them at every step of the way. And this is proof of what we’re doing here today. Again,first in the nation. And I do hope that other states and other governors will follow the lead of what we’re doing here today.”

New York City Mayor Eric Adams said,”New York City is a prime target for those who want to attack our cyber infrastructure to cause destruction. While New York City Cyber Command is already a national model for impeding these threats, it’s time our cybersecurity moved to the next level. We know that when it comes to cyberattacks, the difference between a minor disruption and a catastrophe can be a matter of minutes. That is why the new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the state. I thank Governor Hochul and our fellow mayors for their partnership, and look forward to working with them to confront this common threat.”

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said, “In today’s globally interconnected world, everyone plays a role in protecting Americans against the threat of cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) applauds the creation of the NY JSOC and, as always, stands ready to partner with our state and local counterparts in keeping New York’s critical infrastructure safe and secure. Proactive cybersecurity incident response and recovery planning will help mitigate risk and ensure a unified response when an incident happens. Collaboration is at the heart of CISA’s mission, and we look forward to supporting this effort as it becomes operational.”

Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, “Thanks to Governor Hochul’s leadership and vision, we are bringing an integrated, statewide approach to cybersecurity with our government partners. The JSOC will become the nerve center for collecting intelligence on potential threats, keeping an eye out for intruders and breaches, and responding to cybersecurity threats and incidents.”

New York State Office of Information Technology Services Chief Information Officer Angelo “Tony” Riddick said,”Governor Hochul’s commitment to safeguard our state’s infrastructure and the personal information of all New Yorkers has been a priority since her first day in office. The new normal of constant cyber risks threaten every level of government, so we must take innovative steps and work together. Creation of a JSOC will better protect our information and ensure we remain even more vigilant against cybercrime while keeping New Yorkers safe.”

New York State Police Superintendent Kevin Bruen said,”Collaboration and information sharing are crucially important when it comes to providing security and assessing threats.  We appreciate the efforts by Governor Hochul to form this innovative partnership, which will help strengthen cybersecurity efforts and improve response to future incidents.”

Port Authority Executive Director Rick Cotton said, “The safety and security of the Port Authority’s transportation facilities remain the highest priority of the Port Authority – including a relentless focus on cybersecurity. We applaud Governor Hochul, Mayor Adams and leaders from across the state for creating the JSOC that will enhance the ability of government agencies to identify, resource and implement best practices TO combat cyber threats as they continue to evolve.”

Interim President and CEO of New York Power Authority Justin E. Driscoll said,”As the nation’s largest public state utility, cybersecurity is of utmost importance to NYPA. We are thankful to our city and state partners for their collaboration in creating the JSOC. This center will help NYPA keep our systems safe and enable us to continue to generate clean electricity and maintain one-third of the state’s transmission system without incident or interruption, all while providing a whole-of-state approach to protecting New York State from emerging threats.”

MTA Chair and CEO Janno Lieber said, “Cross-agency collaboration is key to providing the best cyber defenses. We are eager to share information and expertise about the MTA’s multilayered cybersecurity systems as we work to protect the state against potential threats.”

Albany Mayor Kathy Sheehan said, “Every day, the City of Albany – like organizations across the nation – defends itself against cyber attacks originating from across the globe. As the victim of a successful ransomeware attack in 2019, the City of Albany knows full well the impact this cybersecurity threat can have on the systems that serve our residents and protect our infrastructure. Thankfully, New York State was there for us when it mattered most, and now we will proactively partner within the Joint Security Operations Center to help identify and respond to cybersecurity threats not only to our city, but other local and state agencies across New York. Thank you to Governor Hochul, Commissioner Bray, and Chief Information Officer Riddick for making this investment and deepening the vital partnerships that will help protect our entire state.” 

Buffalo Mayor Byron Brown said, “Cyber attacks are an emerging threat that state and local governments must take swift action to protect against, and I am thankful Governor Hochul has the vision to apply a statewide, all-hands-on-deck approach to ensure our safety. I am pleased that Buffalo is part of the launch of this first-of-its-kind Joint Security Operations Center that will position us to be better prepared to prevent, protect against, respond to and recover from cyberattacks.”

Rochester Mayor Malik Evans said, “We look forward to working with the state and our other municipal partners to address the critical issue of cybersecurity. We appreciate the Governor’s investment to protect our data. Any attacks on our technical infrastructure systems is actually an attack on the citizens we serve, so bolstering our defenses is a wholly worthwhile endeavor.”

Syracuse Mayor Ben Walsh said,”Cybersecurity is a challenge facing every public and private sector organization every day. Cities are dealing with very similar vulnerabilities, threats and risks. Through the JSOC we will be better able to share intelligence and solutions and better protect our critical assets and the people we serve. I thank Governor Hochul for not just providing resources to our communities but for creating a command center so the state can share more data, information and expertise to confront this always-changing risk. We are always stronger working together.”

Yonkers Mayor Mike Spano said,”The recent wave of cyber security attacks serves as a wake-up call for cities across our country. I thank Governor Hochul for her proactive approach in giving Mayors, who are the generals on the frontlines, a seat at the table to work one on one with some of the most brilliant cyber defense minds in the country as we amplify our cyber security.”