How to Manage the Risk?
New York City continues to respond to the increasing threat of cyber incidents that place personal, government, and business interests at risk. In 2017, the City created the New York City Cyber Command (NYC3) to enhance its efforts to protect New Yorkers by educating them about cyber threats, helping them to prevent and detect threats, and taking other measures to increase system security.
In July 2017, New York City restructured its municipal cybersecurity authorities to create a centralized, coordinated, City-wide approach to mitigating the risk posed by cybersecurity threats.
The Mayoral Executive Order of 2017 formally authorized the New York City Cyber Command (NYC3) to lead the City’s cyber defense efforts across more than 100 agencies and offices to prevent, detect, respond to, and recover from cyber threats.
By creating NYC3, New York City instituted a modern cybersecurity operation akin to the City’s police, fire, sanitation, and transportation organizations that serves as an equal partner to keep people safe and their information secure.
“Our streets are already the safest of any big city in the country – now we’re bringing that same commitment to protecting New Yorkers into cyberspace.”
-- New York City Mayor Bill de Blasio
NYC3 protects New York City’s infrastructure and critical systems from malicious attacks by using the latest technologies, entering into public-private partnerships, and conducting training and threat simulations for City employees.
Most cybercrime is mobile – over 60 percent of online fraud is accomplished through mobile platforms. New York City is expanding education initiatives to raise awareness about cybersecurity risks and best practices to reduce cybersecurity risks.
Within its first year, NYC3 created the Citywide Cybersecurity Awareness Program to mitigate the risk of cyber-attacks. This education program provides City employees with a range of training and awareness initiatives, including classroom sessions, computer-based training, anti-phishing simulation testing and training, various media initiatives, and role-based training for employees with privileged access to networks and systems.
Most cybercrime is mobile—over 60% of online fraud is accomplished through mobile platforms.
Educational initiatives include:
- Expanding education programs to raise awareness and reinforce best practices to reduce cybersecurity risks.
- Training initiatives to teach individuals about how to mitigate cyber incidents and diminish the power of social engineering as a tool.
Test phishing campaigns allow organizations to assess and improve an employee’s ability to identify and avoid cyber threats in a low-risk environment.
Resources and tools available for organizations as well as personal use can bolster the ability to prevent and detect cyber threats. In 2018, the City of New York launched the free NYC Secure app. The Secure app will alert New Yorkers about unsafe activity on their mobile devices, provide guidance to remediate issues, and help educate them on the privacy implications of the mobile technologies they use.
Cyber NYC, the City’s initiative to grow the cybersecurity sector, will leverage a roster of world renowned partners to launch a global cyber center, an innovation hub for startups, initiatives to fuel commercialization and research, and new talent pipelines to train the cyber workforce of the future.
The NYCx Cybersecurity Moonshot Challenge will arm New Yorkers and small businesses with the information and tools they need to protect their information from cyber threats.
Applying appropriate security controls and exploring innovative approaches to cyber security will lead to a measurable reduction in the overall cyber risk faced by the City. This includes understanding the risks associated with conducting sensitive activity on unsecure or unencrypted Wi-Fi network connections to yield stronger protections and contribute to better protected information assets.
Much like most other cities in the United States and around the world, an ever-increasing number of people in New York City manage their daily lives through smartphones and mobile devices, leaving them particularly vulnerable to malicious cyber activity, as most mobile devices lack basic cybersecurity protections. Additionally, most publicly available Wi-Fi networks lack adequate security and privacy protection for users who assume that their online activity is protected.
To strengthen the protection of Wi-Fi in the City’s public spaces, NYC3 is working to deploy Domain Name System (DNS) protection across all City-owned systems, and they encourage other providers of free Wi-Fi to follow suit.