BILL NUMBER: S193
SPONSOR: MARTINEZ
 
TITLE OF BILL:
An act to amend the executive law and the state finance law, in relation
to cyber security enhancement funding; and to restrict the use of
taxpayer moneys in paying ransoms
 
PURPOSE:
The purpose of this bill is to create the Cyber Security Enhancement
Fund that will make available grants and financial assistance to
villages, towns, and cities with a population of one million or less for
the purpose of upgrading the cyber security of their local government.
The monies from the cyber security enhancement fund shall be disbursed
by the division of homeland security and emergency services.
Additionally, this bill establishes that no local or state taxpayer
funds shall be used to pay ransoms for ransomware attacks after January
1, 2024.
 
SUMMARY OF PROVISIONS:
Section 1: Requires that the commissioner of the division of homeland
security and emergency services establishes a program for upgrading the
cyber security of local governments including towns, villages, and
cities with a population of one million or less to be paid for by the
cyber security enhancement fund.
Section 2: Establishes the cyber security enhancement fund to be jointly
controlled by the state comptroller and the commission of taxation and
finance. The fund consists of five million dollars transferred from the
general fund that will be used to provide grants and other financial
assistance to local governments for upgrading their cyber security.
Section 3: Requires that state and local taxpayer funds no longer be
used to pay ransoms for ransomware attacks after January 1, 2024.
Section 4: Establishes the effective date.
 
JUSTIFICATION:
The United States Department of Homeland Security defines ransomware as
a type of malicious software, or malware, designed to deny access to a
computer system or data until a ransom is paid. In addition to the cost
of the ransoms themselves, which have been tens if not hundreds of
thousands of dollars, ransomware attacks disrupt key governmental
services, recovery from which has cost some cities upwards of ten
million dollars.
Ransomware attacks on local governments and local government agencies,
such as school districts and police departments, have steadily been on
the rise since they first began to appear in 2013. This is because local
governments have fewer resources dedicated to protecting their electronic
data, making them easy targets. These attacks include one in April 2019
in Albany, NY, which shut down many city services and interfered with
police responses to non-emergency calls. If nothing is done, such attacks
will continue to occur and have the potential to cost New York taxpayers
millions of dollars in ransom payments and repairs to government
services. Addressing this issue requires that we invest in the
cyber-security of our local governments. There are many technologies available
that can help prevent these attacks; they simply need to be implemented
by local governments.
A small investment in local government cyber security now can help stop
cyber-criminals from profiting on the backs of New York State taxpayers
and protect important state and local government services from
disruption. This bill will do this by creating a fund from which local
governments can receive grants and other forms of financial assistance
to upgrade their cybersecurity and prevent these attacks. To incentivize
these upgrades, the bill will prevent state and local governments
from paying ransoms for ransomware attacks after January 1, 2024, by
which time they should be able to sufficiently upgrade their
cyber-security systems.
 
FISCAL IMPLICATIONS:
$5 Million from the general fund
 
EFFECTIVE DATE:
This act shall take effect immediately.