NY Governor Hochul announces formation of JSOC to oversee cyber across the state

ALBANY, N.Y.—New York State Governor Kathy Hochul announced on Feb. 22, 2022, the creation of a Joint Security Operations Center (JSOC) in the New York City borough of Brooklyn that will serve as the nerve center for joint local, state and federal cyber efforts, including data collection, response efforts and information sharing. 

In a partnership launched with New York City Mayor Eric Adams, Albany Mayor Kathy Sheehan, Syracuse Mayor Ben Walsh, Buffalo Mayor Byron Brown, Rochester Mayor Malik Evans, Yonkers Mayor Mike Spano, and cyber leaders across the state, the JSOC is the nation's first-of-its-kind cyber command center that will provide a statewide view of the cyber threat landscape and improve coordination on threat intelligence and incident response.

"There is a new type of emerging risk that threatens our daily lives, and just as we improved our physical security infrastructure in the aftermath of 9/11, we must now transform how we approach cybersecurity with that same rigor and seriousness," Hochul said. "I'm proud to announce this dynamic and innovative partnership to establish the Joint Security Operations Center in collaboration with New York City, our upstate cities, and government and business leaders across the state. Cybersecurity has been a priority for my administration since Day 1, and this command center will strengthen our ability to protect New York's institutions, infrastructure, our citizens and public safety." 

Collaborative Approach

This innovative collaboration has been months in the making and is the result of Governor Hochul and her team's early vision and commitment to enhancing the State's cybersecurity posture. No other state has brought together cybersecurity teams in a shared command space at this scale including federal, state, city, and county governments, critical businesses and utilities, and state entities like Division of Homeland Security and Emergency Services, Office of Information Technology Services, New York State Police, MTA, Port Authority of New York and New Jersey, the New York Power Authority, among others.

New York's leadership in finance, energy, transportation, healthcare, and other critical fields makes the State an attractive target for cyberattacks that can disrupt operations, including critical infrastructure and services to citizens. While government entities across the State have historically taken an independent approach to cyber defense and protecting the safety of their technology assets, acting alone is no longer optimal. As the frequency and sophistication of cyberattacks have grown, so too has the need for a "whole of government" approach.

"New York City is a prime target for those who want to attack our cyber infrastructure to cause destruction,” Mayor Adams said. “While New York City Cyber Command is already a national model for impeding these threats, it's time our cybersecurity moved to the next level. We know that when it comes to cyberattacks, the difference between a minor disruption and a catastrophe can be a matter of minutes. That is why the new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the state.”

The JSOC, headquartered in Brooklyn and staffed by both physical and virtual participants from across the state, will improve defenses by allowing cyber teams to have a centralized viewpoint of threat data. This will yield better collaboration on threat intelligence, reduction in response time, and quicker remediation in the event of a major cyber incident. It will help participating entities respond to potential issues and elevate systemic trends that may have otherwise gone undetected. This approach leverages all the cyber defense assets at the state, city, local and authority level under one umbrella.

Antoinette King, PSP, DPPS, SICC, Founder, Credo Cyber Consulting, exclusively told Security Systems News, “As a resident of NYS, I am thrilled to see that Governor Hochul has such a strong focus on cybersecurity. The formation of a Joint Security Operations Center is an important step towards protecting our state’s critical infrastructure from the eminent cyber threats that it faces.

“Information sharing has always been a point of contention between federal, state, and local municipalities for various reasons. But, now more than ever we need to see these agencies come together in solidarity to be more efficient and effective in fighting cybercrime. Forming a centralized information-sharing operation is an important step in the right direction.”

New York State will collaborate with city and regional leaders on cyber trainings and exercises as the JSOC becomes operational over the coming months. The Governor and her team will continue ongoing conversations with the White House and federal partners to ensure coordination.

Investment in Cybersecurity

The new JSOC builds on Hochul's proposal in this year's budget for investment in New York State's cyber protections, which includes $61.9 million for cybersecurity, doubling the previous investment. These investments will fund critical protections, including the expansion of the state's cyber Red Team program to provide additional penetration testing, an expanded phishing exercise program, vulnerability scanning and additional cyber incident response services. In addition, these investments help ensure that if one part of the network is attacked, the State can isolate and protect the rest of the system.

As part of this proposal, the Governor is also proposing a $30 million "shared services" program to help local governments and other regional partners acquire and deploy high-quality cybersecurity services to bolster their cyber defenses. The interconnected nature of the state's networks and IT programs means that attacks can quickly spread across the state. Many government entities often do not have the funding or resources necessary to protect their systems, some which provide critical services like healthcare, law enforcement, emergency management, water treatment, and unemployment insurance, to name a few. 

"In today's globally interconnected world, everyone plays a role in protecting Americans against the threat of cyberattacks,” noted Cybersecurity and Infrastructure Security Agency Director (CISA) Jen Easterly. “The Cybersecurity and Infrastructure Security Agency applauds the creation of the NY JSOC and, as always, stands ready to partner with our state and local counterparts in keeping New York's critical infrastructure safe and secure. Proactive cybersecurity incident response and recovery planning will help mitigate risk and ensure a unified response when an incident happens. Collaboration is at the heart of CISA's mission, and we look forward to supporting this effort as it becomes operational."

"Thanks to Governor Hochul's leadership and vision, we are bringing an integrated, statewide approach to cybersecurity with our government partners,” added Division of Homeland Security and Emergency Services Commissioner Jackie Bray. “The JSOC will become the nerve center for collecting intelligence on potential threats, keeping an eye out for intruders and breaches, and responding to cybersecurity threats and incidents."