Governor Hochul Signs Nation-Leading Legislation to Protect Energy Grid from Cyber Threats

Governor Kathy Hochul today signed legislation (A.3904B/S.5579A) that will create strongest-in-the-nation cybersecurity protections for the state's energy grid. This action, taken during a global surge in cyberattacks against critical infrastructure, will ensure New York's grid, the backbone of the state's economy, remains reliable and secure.

"The first modern electric grid was built in New York State, and 140 years later, we continue to take nation-leading steps to keep the lights on for all New Yorkers by strengthening our cybersecurity," Governor Hochul said. "We understand that as the financial capital of the world and a leader in clean energy, New York is a target for hackers. This critical legislation will help protect millions of New Yorkers who depend on reliable electric service and ensure a smooth transition to clean energy."

Legislation A.3904B/S.5579A, which passed unanimously in both the New York State Assembly and New York State Senate, strengthens protections for the local distribution system and requires utilities to secure critical infrastructure against cyberattacks. The legislation will require utilities to prepare for cyberattacks in their annual emergency response plans - similar to what utilities do to prepare for storms. The new protections will provide the Public Service Commission enhanced auditing powers to ensure that critical infrastructure and customer data is secured.

This action comes following guidance from President Joe Biden requesting that state's set minimum cybersecurity requirements for critical infrastructure, including the energy system. In several instances over the past decade, cyberattacks have proven capable of shutting down electric grids.

State Senator Kevin S. Parker said, "This legislation is a critical step in protecting New York's energy infrastructure from cyberattacks and ensuring our state has a reliable power source. That's why I'm pleased to see the Governor sign this into law today. We are setting an example for states across the country as New York continues to lead the nation on this important issue."

Assemblymember Michael Cusick said, "This bill signing represents a sea change in the protection of critical energy infrastructure in New York State, one that I believe will become a model for other states across the country. I want to thank the Governor and my partners in the State Legislature for their support in protecting New York's grid against hackers. This is a proud moment for New York, proving again that the Empire State leads from the front."

Chief Cyber Officer Colin Ahern said, "New York is leading on cybersecurity and this legislation is an important step in creating secure energy infrastructure across the state. Governor Hochul is leading the charge to combat emerging threats, a priority for the state and nationally. I'm excited to continue our progress on this front and work with our partners on this important mission."

Division of Homeland Security and Emergency Services Commissioner Jackie Bray said, "Under Governor Hochul's leadership, New York State has significantly enhanced its cyber defenses. We have made substantial investments in resources and services to help our local government partners defend against cyberattacks. This legislation builds on these achievements by helping protect critical energy infrastructure from disruption. DHSES looks forward to continuing to work closely with our critical infrastructure partners on ensuring New York's energy infrastructure is secure."

Chair and CEO of the New York State Public Service Commission Rory Christian said, "I applaud Governor Hochul's vision to recognize the importance of protecting the State's energy grid from the potential of a cyberattack. Our economy and society depends on a receivable power grid, so protecting it should be amongst our highest priorities."

Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly said, "Hackers continue to target our nation's critical infrastructure and industrial control systems to threaten the services Americans rely on every day. It's great to see New York take this important step to protect critical energy and gas infrastructure regulated at the state level. CISA looks forward to continuing to partner closely with the State of New York to help ensure secure and resilient infrastructure."

Chairman, President, and Chief Executive Officer, Consolidated Edison, Inc. Timothy P. Cawley said, "Cyberattacks are a growing threat to energy systems and energy providers across the country, which is why Con Edison takes so seriously our responsibility to protect critical infrastructure, information systems and customer data. We applaud our partners in government - Governor Hochul, Senator Parker, and Assemblyman Cusick - for ensuring New York remains a national leader on an issue of critical importance."

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said, "As technology is used in new ways across the energy sector, it is imperative that we take steps to protect our energy grid from cyber threats. We applaud New York for advancing nation-leading, cybersecurity legislation for energy companies. This is an important step towards protecting critical infrastructure and we look forward to working with the Hochul Administration on implementing the new requirements."