New York City

The long view for DoITT and LinkNYC

An interview with Samir Saini, commissioner of the New York City Department of Information Technology and Telecommunications.

A linknyc booth in manhattan

A linknyc booth in manhattan Michael Appleton/Mayoral Photography Office

New York City Department of Information Technology and Telecommunications Commissioner Samir Saini is just two months into his new job, but he already has big plans for his department. In an interview with City & State, Saini described how he plans to reshape the department while continuing to meet Mayor Bill de Blasio’s goal of providing broadband for all New Yorkers, from free public Wi-Fi to home broadband service. Saini also weighed in on cybersecurity in the city and his own transition from his previous role as Atlanta’s chief information officer.

C&S: How is the OneNYC initiative to bring broadband to all New Yorkers going?

SS: It’s going well. There are different parts to the program. The first part is the effort to bring broadband on our streets, which is the public Wi-Fi, the high-speed public Wi-Fi strategy. And that is largely tied to the LinkNYC kiosks. So the Link deployments, things are going very well. We just briefed the City Council on this and we have another briefing as part of a budget hearing next week on it. But we have, as of today, about 1,500 Links, active Links deployed delivering, from what I’m getting on average, about 300-350 megabit per second up and down with a 200-foot radius range from each Link. So we have 1,500 Links deployed, scattered across the boroughs and that’s going quite well. I think it’s 3.5 million active subscribers using free, high-speed public Wi-Fi from the Links. And I think the other metric I just saw is we’re seeing double-digit growth in the number of subscribers every year since we deployed the Links. So Link is going well. That’s one piece.

C&S: And the other pieces?

SS: The other piece is broadband in the home. That’s also moving forward. So broadband in the home is largely driven by DoITT’s role to administer a set of franchise agreements. There are eight franchise agreements with cable providers. I guess the big issue there is broadband in the home, but it’s really largely provided by two suppliers in the city: Verizon Fios and Charter/Spectrum. And what I think what you’re going to be seeing from DoITT as part of a strategic plan we’re going to launch very soon, before July 1, is new strategies we’re going to deploy to help accelerate the deployment of affordable broadband in the home, and the equitable distribution of it because there are parts of the city that don’t have broadband. The Mayor's Office of the Chief Technology Officer just issued a broadband report two weeks ago that’s actually quite enlightening. Some of the highlights over here are that, No. 1, roughly 31 percent of New Yorkers don’t have broadband in the home today, and that’s the equivalent to the entire population of the city of Houston. So that’s a problem. There’s also issues around affordability for the current broadband services that are offered. And I think the obvious issue is there is a minimal level of choice for broadband. So all these things we’re tackling, and I think you’re going to see this in the strategic plan, ways in which we’re going to change this game to deliver more equitable, affordable broadband to more New Yorkers to really hit the mayor’s commitment of broadband for all New Yorkers by 2025.

Samir Saini
C&S: What can you tell me about ongoing difficulties with Charter/Spectrum? In what ways are they possibly violating their franchise agreement with the city?

SS: There were two audits that we conducted against Spectrum. One was an audit that was financially related around evaluating how revenue was being calculated and generated. And the second audit was more on labor. And really the audits were meant to ensure and validate that Charter was in fact complying to the letter of the franchise agreement we have in place with them. So that’s all public knowledge. On the financial audit, we asked for a bunch of financial data from Charter. They provided it ... and we’re analyzing it. So that’s in process. On the audit regarding whether they violated any labor issues, we made some initial findings, however there’s other concerns from other entities around whether this is a violation of labor provisions within the franchise agreement that are still pending a final determination.

C&S: You’re fairly new to the job. What has your transition been like and what do you consider to be your most important role?

SS: I’m still two months in. But really, I’ve broken down our core objectives into three parts. The first is going all-in into achieving digital equity for all New Yorkers. Digital equity implying equitably distributed, affordable broadband in every home, on every street, in every borough. The second one is really a focus on DoITT as a shared services provider. DoITT provides a set of IT services to serve our internal agencies. We have over 100 agencies that we support in different ways. So the first objective I’ll have for our agency is to really transform ourselves more fully and entirely into operating like an external service company. Less a call center, internal service order taker. So it’s a big cultural shift for us, but the idea is to really start transforming how we interact with agencies: treat them like customers, have a menu of services that are really easily understood and explainable and measurable. So it’s really running our internal shop better than we do today and then transforming ourselves from order taker to a service management orientation.

The second objective is really around relooking at the services we provide to the agencies. We provide about 60 high-level services today – relooking at these 60, asking our customers, “What services do you want from us?” And then optimizing the service portfolio to align to the needs of the agencies today and what they’ll need over the foreseeable future. This hasn’t happened in a long time. Up to this point, DoITT has built its service portfolio based on random requests from different agencies. If you wanted a pizza, DoITT would figure out how to make a pizza and give you a pizza. If you wanted a hamburger, we’d figure that out and give you a hamburger. If you wanted a steak, we did that. Now we have a kitchen and a bunch of chefs that can make all sorts of stuff. But the question is, should we? Or do we want to be a pizza joint? What do we actually want to be? It’s a good problem to have because we’ve built a lot of relationships and we have a wide menu, but it’s now becoming a point where we want to be more strategic about what we want to put on our menu based on what really our customers want from us – especially if people aren’t ordering burgers anymore.

C&S: Cybersecurity has been a very large concern recently, especially with the upcoming elections. What is the city doing to shore up its defenses against cyberattacks?

SS: There was a press release from the mayor’s office announcing the preliminary budget that’s going to the City Council for review over the next few weeks. In that budget is an inclusion for over $40 million dedicated for Geoff Brown and the new cyber command unit that’s been set up. The cyber command unit, we call C3 under the citywide (chief information security officer) Geoff Brown, reports directly into the mayor’s office, the deputy mayor of operations, not to me. And that’s a good thing because security is such a huge world these days that it requires its own agency, its own dedicated focus and that’s where that lives. So the biggest thing we’ve done is put money to it, and the money is really for staff and for tools to strengthen the city’s ability to detect, to respond, to prevent threats from happening in the first place. It also is investments to ensure that we can continuously proactively check to find holes in the environment if any exist and close them before they’re ever exploited by a bad actor externally. And so we’re feeling really good about it. It takes investment and the mayor’s proposed budget provides exactly that.

C&S: Is that different than other cities?

SS: It is. I don’t know of any other city that has that structure. Coming from me, I think it’s a very good thing because New York City isn’t like any other city. The sheer complexity of what we do and how visible we are externally warrants that cybersecurity be its own entity and have its own separate investment and funding and resources. So I think the executive order Mayor de Blasio issued to create this organization last summer was absolutely the right move. And I think New York should feel really good that we’re not doing what other cities do. We’re taking cybersecurity so seriously, we created a whole agency, and incremental new funding dedicated to it to ensure that we’re safe.

C&S: A couple months ago, there was a huge cyberattack that crippled Atlanta. Do you think that having a New York City approach to cybersecurity could have prevented or at minimized the damage of that attack?

SS: I don’t. I mean, the reality of what happened in Atlanta and also what’s happening in other cities is just not being, it’s not hitting the news unless you’re in the CIO circuit, is that those kinds of threats, especially that one ... can’t be prevented. (Editor's note: After this interview was published, the Department of Information Technology and Telecommunications clarified that Saini meant that such threats are "very hard to prevent.") The key is to have an administration that prioritizes cybersecurity. I’ll put it that way. And investments in cybersecurity in particular are really critical regardless of how it’s structured. In Atlanta, I think Mayor (Keisha Lance) Bottoms publicly said that she had not made cybersecurity a priority. That’s her words. But now, after the attack, it is her No. 1 priority. So I think the mayor is doing absolutely the right thing, which is way before, this is last year, before the Atlanta attack and actually several other attacks that occurred in other cities affecting critical infrastructure, public safety infrastructure, transportation infrastructure. California got affected. He saw the writing on the wall and said, “We’ve got to do this differently,” which is where C3 was born.

C&S: You were CIO in Atlanta before coming to New York City. How different has it been to come from a place where, as you said, it wasn’t initially a priority to a place where it is?

SS: Part of why I had left is first off, I’m actually from New Jersey. So, in part, this was a move home. But the other is, there was a leadership change happening in Atlanta, there was a new mayor coming it. It was a logical time for me to depart. But also, there was minimal – I felt like Atlanta had hit a point where they were not investing as much as I would have wanted them to in moving on a number of areas, scaling out smart city initiatives we had, but also in the cyber space. So it was really a mixed bag of reasons, but moving here to New York, it’s been a real blessing because I think this city and this mayor really understands and values IT. Not to say they didn’t in Atlanta, but certainly, it’s a big deal here. In large part I think it’s because the operations of New York City are so complex and affect so many people that technology plays an even more critical role in the delivery of the services to the 8.7 million people that live here, less so the 500,000 people that live in Atlanta. So I think there’s just a lot more focus and dependence on it, and a lot more investment and appreciation for IT and our services.

C&S: And you said the kind of attack that happened in Atlanta isn’t really preventable. Is it a concern that it could happen in New York City?

SS: Yes. There’s multiple types of cyberattacks that occur all the time. So I would be the first to tell you, and no one could disagree with this, no city, no state, no private sector entity is immune from any of these. Period. If anyone thinks they’re well-protected, well, they shouldn’t say that publicly because they’re just going to be a target. If you talk to the cybersecurity experts out there, they’ll tell you the same thing – that the game now, it’s not about investing in services to protect yourself from ever having an attack. Everyone needs to accept that there will be an attack. It’s a matter of when. It’s a matter of how bad. And the question really will be, how ready are you, as a city or as a private sector company, to detect it and remediate it, and to strengthen your defenses so if it happens again, it won’t be as bad, or that kind of attack won’t happen again. It’s about containment and response and then strengthening your defenses next time. No one is immune. It just so happens that Atlanta got hit, but when was the last time Atlanta was hit? Never. Because we did several other things, at least over the course of my time there, where we could have gotten hit 10 times because we had legacy infrastructure and all sorts of holes. That’s why it’s just one of those things where you’re never 100 percent safe. Nobody is 100 percent safe from a cyberattack. Anyone who says they are, I would worry about.