ALBANY — New state legislation signed into law in late December is aimed at increasing cybersecurity safeguards for New York’s energy grid. The legislation, which passed unanimously in both the state Assembly and state Senate, strengthens protections for the local power-distribution system and requires utilities to secure critical infrastructure against cyberattacks, the office of Gov. […]
ALBANY — New state legislation signed into law in late December is aimed at increasing cybersecurity safeguards for New York’s energy grid.
The legislation, which passed unanimously in both the state Assembly and state Senate, strengthens protections for the local power-distribution system and requires utilities to secure critical infrastructure against cyberattacks, the office of Gov. Kathy Hochul said in announcing the bill signing on Dec. 23.
The new law will require utilities to prepare for cyberattacks in their annual emergency response plans. That’s similar to what utilities do to prepare for storms, the governor’s office said.
The legislative provisions will also provide the state Public Service Commission enhanced auditing powers to ensure that critical infrastructure and customer data is secured.
New York State adopted the new law following federal guidance requesting that state’s set minimum cybersecurity requirements for critical infrastructure, including the energy system. In several cases over the past decade, cyberattacks have proven capable of shutting down electric grids, government officials say.
“Hackers continue to target our nation’s critical infrastructure and industrial control systems to threaten the services Americans rely on every day. It’s great to see New York take this important step to protect critical energy and gas infrastructure regulated at the state level,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said in a statement. “CISA looks forward to continuing to partner closely with the State of New York to help ensure secure and resilient infrastructure.”
Timothy P. Cawley, chairman, president, and CEO of Consolidated Edison, Inc., added, “Cyberattacks are a growing threat to energy systems and energy providers across the country, which is why Con Edison takes so seriously our responsibility to protect critical infrastructure, information systems and customer data. We applaud our partners in government ... for ensuring New York remains a national leader on an issue of critical importance.”