Cybersecurity will remain at the top of New York State’s regulatory agenda this year.
In his annual State of the State address last week, New York Governor Andrew M. Cuomo called for new measures to defend against cyber-attacks aimed at disrupting the mid-term elections. The governor’s proposals include:
- Creating an Election Support Center to work with the State Board of Elections to develop regulations to secure the state’s election infrastructure against cyber-attacks. The center would also train county election officers in cybersecurity best practices and share cyber threat intelligence within the state.
- Developing an Elections Cyber Security Support Toolkit to address cyber risks at the state and local levels including monitoring functions to keep an eye on any changes to voter databases to ensure that the changes are legitimate.
- Calling for the State’s Office of Information Technology Services to provide cyber risk assessments to New York’s counties to identify cyber risks and protect voting machines from tampering.
- Notifying the State Board of Elections and the State Police whenever there is a data breach that potentially exposes confidential voter or election information.
- Requiring the State Board of Elections to issue an annual election security report to the Governor’s office and state legislature addressing cyber risks and recommendations for remediation.
In response to reports of Russian meddling in last year’s presidential election, Governor Cuomo had already ordered a review of New York’s election-related cybersecurity defenses and asked the state’s Cyber Security Advisory Board to work with other state agencies to “assess the threats to the cyber security of New York’s elections infrastructure, identify security priorities, and recommend any necessary additional security measures.”
The governor noted that there have been “no credible reports to election system disruptions” in the state.
New York’s focus on election cybersecurity comes less than four months after the federal government told officials in 21 states that hackers targeted their election systems in the months leading up to last year’s presidential election. The government hasn’t made details about the threats public but several states have publicly acknowledged that hackers broke into their voter registration systems or voter rolls – all of which contain voter information. The compromised systems were not involved in the actual tallying of votes.
As early as 2016, the FBI warned state election officials that hackers had compromised at least two state election databases, stealing undisclosed voter information.
While the federal government has warned of threats to state and local election systems, it has been slow to take action to assist states in securing their election systems from cyber-attacks. Last week, however, six senators introduced a bipartisan bill to require certain assessments of cybersecurity threats and mandate information sharing by election agencies. It also would provide grants to strengthen state voting systems, a measure that could work hand-in-hand with Governor Cuomo’s proposal.