Protecting New York from cyber threats through collaboration and innovation

In the early hours on August 24, Nevada experienced a sophisticated ransomware attack that led to various state systems being offline, in some cases for weeks, as state and federal investigators jumped to carry out the cyber response plan.

While the state was able to keep crucial services running like health and emergency services, the incident was a major attack on Nevada’s systems, the impacts of which are still being investigated more than a month later.

Situations like this are a stark reminder for governments and their partners how important it is to invest manpower, funding and education in cyber and information security. City & State’s Information Security Summit: Protecting NY’s Data & Information Systems, held on Tuesday at EmblemHealth in Lower Manhattan, delved into various facets of cybersecurity in New York, including what the biggest threats are and how to shield against them.

“When you talk about what is happening right now in the state of Nevada, it crystallizes to everybody when they say, ‘This is all theoretical, this really doesn’t happen,’” T-Mobile for Government Executive for Government Strategy Charlie O’Shea, who gave remarks, said. 

The summit opened up with welcome remarks from EmblemHealth Chief Operating Officer Tom MacMillan, who spoke to the company’s work on information security. Emblem makes significant investments in information infrastructure, regularly reports to state regulatory entities and participates in information sharing with public and private entities.

“When you think about security, good guys and bad guys, it’s a race, so everybody has to race faster than the opposition to maintain security,” he said. “We put a lot of our investment in partnerships in innovative, new solutions.”

O’Shea, of T-Mobile, introduced the event’s fireside chat speaker, New York State’s first chief cyber officer, Colin Ahern.

“When Gov. Hochul brought in the first New York state cyber officer to coordinate all of the state departments together, she really stepped up and made a tremendous hire,” O’Shea said. “This is a four-star quality person that the governor brought in to coordinate New York state, as you would expect New York to do.”

In the fireside chat, moderated by City & State Editor-in-Chief Ralph R. Ortega, Ahern touched on the governor’s cyber initiatives, including the country’s first Joint Security Operation Center that provides a statewide view of threats, educating students on tech best practices through the Computer Science for All curriculum and cybersecurity regulations to set minimum standards for hospital computers.

“The governor is not waiting for catastrophe to strike,” he said. “The world gets scarier each and every day. But we can either possibly succeed together, or we can definitely fail if we work alone, so we choose collectively and we choose working together.”

On the topic of federal funding cuts, Ahern said the state will continue to work closely with federal partners whenever possible, but will also hold them accountable when not enough is being done. “We will not hesitate to hold the federal government and this administration to account when we think they’re acting not in accordance with our values, the values of New Yorkers,” he told attendees.

The summit also featured panel discussions among government officials and private executives on the forefront of New York’s cybersecurity industry. The first panel, “Securing New York’s Critical Infrastructure in the Digital Age,” focused on protecting critical infrastructure – which moderator Agostino Cangemi called, “the lifeblood of New York's daily life” – from attacks.

One key takeaway from the discussion was the importance of training people not only in how various technologies and security software work but also in the risks of not being careful. As panelist city Deputy Chief Information Security Officer Jose Tejada said, an untrained user is the weakest link of any cyber chain. 

“Investing in a workforce or cyber training is just as important as investing in tools,” he said. “Any agency or company that just simply invests in tools for cyber defense but does not put the emphasis on the user, in my opinion, [is] doing it wrong.”

The second panel, “The Future of Information Security,” centered around emerging technologies, like artificial intelligence and quantum computing, and how they impact cybersecurity.

“Threat actors only have to be right once,” panelist Scottie Ray, Cloudflare director of solutions engineering, said. “We have to be right a million times, because that’s the number of threats.”

Panelist Preston Miller, senior consulting director at Unit 42 by Palo Alto Networks, noted that “Forewarned is forearmed.”  “When you’re in peacetime,” Miller continued, “now is the time that you need to prepare for the next attack, because it’s going to happen.”

The event was sponsored at the gold level by EmblemHealth; at the silver level by Box, Brown & Weinraub, Carbyne, the New York State Technology Enterprise Corporation, Palo Alto Networks and T-Mobile for Government; and at the bronze level by BusPatrol.