New Legislation will Modernize and Strengthen Existing Cybercrime and Identity Theft Laws
New Cyber Incident Response Team Will Harden and Support Critical Technology Infrastructure of State and Local Government and Education Institutions
Governor Andrew M. Cuomo today unveiled a comprehensive package to better protect New Yorkers, as well as government entities, from the ever-growing threat of cyber-attacks. The package includes the strengthening and modernization of cybercrime and identity theft laws, as well as the creation of a new Cyber Incident Response Team to provide cybersecurity support to state entities, local governments, critical infrastructure and schools.
"Cyber-attacks against New Yorkers and our government institutions are an ever-increasing threat to the safety and security of our communities, as well as the privacy and financial well-being of our citizens. Our laws must keep pace in order to combat these increasingly sophisticated criminal acts," Governor Cuomo said. "This proposal will give police and prosecutors the authority and the tools they need to bring cyber thieves to justice and protect New Yorkers. It also puts into place to team to help state and local governments respond to and prevent threats to their cyber security. Together, this will help create a stronger, safer and more secure New York for all."
Modernize Cybercrime and Identity Theft Laws
Cybercrime has rapidly become one of the world's most lucrative criminal enterprises. Cyber criminals hack into personal or professional computers and/or accounts to access and exploit private information, using it to charge purchases to bank accounts and steal identities. In fact, cybercrime is now considered to be more profitable than illegal drug trafficking. In 2014 alone, it was estimated that cybercrime cost the global economy over $400 billion.
Despite these concerns, many of the New York's criminal laws that protect financial or intellectual property and ensure privacy have not kept pace with this growth. To remedy this, Governor Cuomo will champion a three-pronged approach to strengthen New York’s penalties for cyber criminals, including:
- Strengthen Computer Tampering Punishments Currently, inflicting $5 million of damage through computer tampering is treated the same as $50,000 of damage. New legislation will gradate these crimes to ensure penalties reflect their severity. As such, new Class B felony will be created to punish those responsible for causing over $1 million in damage by computer tampering.
- Strengthen Identity Theft Punishments Currently, identity theft laws do not distinguish between a criminal who steals one identity or several and additional penalties for aggravated identity theft only protect military service members serving overseas. To this end, Governor Cuomo is proposing new legislation that not only updates the law to address mass-identity theft through gradated criminal punishments ranging from an A misdemeanor to a D felony, but also expands aggravated identity theft protections to other vulnerable groups outside of military service members. There will now be more severe criminal punishments for identity theft committed against seniors and the mentally and physically disabled.
- Expanding computer intrusion laws to better protect private citizens Obsolete legal definitions currently limit the ability of prosecutors to bring serious charges against cyber criminals. New legislation will ensure unauthorized intrusion into private systems will be treated as a crime in all cases. Once enacted, prosecutors will be able to bring criminal charges with a range of punishments to reflect the severity of the hacking.
Cyber Incident Response Team
The New York State Office of Information Technology Services is responsible for the network security of all state Executive agencies, terabytes of critical data and the cyber protection of 120,000 state employees. However, non-Executive state entities, such as the State University of New York or State Education Department, as well as local governments and numerous state and local public authorities are responsible for putting in place and maintaining their own cyber security polices, programs and infrastructure.
While many of these agencies have taken appropriate steps to protect their data and systems, some require additional technical assistance and support. Therefore, Governor Cuomo has directed the Division of Homeland Security and Emergency Services to establish a Cyber Incident Response Team within the office of Counter Terrorism. This team will serve as a go-to resource for non-Executive agencies, local governments, and public authorities in how to better protect their information technology assets, critical operating systems and data from cyber-attacks, malware and ransomware.
The team will serve as a multi-agency strike force, able to respond to cyber intrusions across the state. It will be supported by members of the Division of Homeland Security and Emergency Services, the National Guard, ITS and other agencies with specific expertise. It will conduct vulnerability assessments, network scans, and review of cybersecurity policies to ensure state entities and local governments have the appropriate plans, procedures, and cyber infrastructure in place. It will also provide a single number to call to report cyber incidents, streamlining response efforts.