Governor Kathy Hochul has introduced New York's first-ever statewide cybersecurity strategy, reinforced by a $600m commitment.
The strategy emerges as a core State of the State priority, aiming to heighten New York’s resilience against contemporary cyber-threats.
“Our interconnected world demands an interconnected defense leveraging every resource available,” Governor Hochul emphasized. “This strategy sets forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyber threats.”
The initiative is designed to shield critical infrastructure, data, networks and technology systems from malicious attacks. By uniting both public and private stakeholders, including local governments, it seeks to orchestrate a unified front against cyber adversaries.
The strategy’s primary pillars – unification, resilience and preparedness – are designed to enable New York State to not only deter cyber-attacks but also neutralize potential threats effectively.
The commitment also includes allocating $90m to centralize cybersecurity, with $30m designated for shared services strengthening local governments’ cybersecurity. An additional $500m will be invested in healthcare information technology cybersecurity infrastructure, and $7.4m will expand New York State Police’s cyber units.
Additionally, the governor signed legislation to boost New York’s technology talent pool, providing necessary funding for employers to acquire and retain cybersecurity professionals.
Governor Hochul’s comprehensive vision has already garnered broad support, including acting national cyber director, Kemba Walden, who likened the strategy to the national cybersecurity strategy’s core principles.
“The President’s National Cybersecurity Strategy articulates an affirmative vision for a defensible, resilient, and values-aligned digital ecosystem that benefits all Americans and enables our grandest national ambitions,” Walden said.
“The New York strategy similarly articulates a fundamentally affirmative vision for cyberspace – that is, it is not simply reactive to threat actor behavior – and advances policy in areas such as public-private operational collaboration, regulation of critical infrastructure, cyber education and workforce development and IT modernization.”