The Business Council supports provisions found within Part D, of the Public Protection & General Government Article VII budget bill, which propose to create a not-for-profit entity to assume the current functions of the NYS Office of Cyber Security & Critical Infrastructure Coordination and authorizes the State to contract with that not-for-profit to carry out cyber security services and functions.
This initiative proposes a new relationship between government and the private sector which will allow for a greater degree of trust, information sharing, and collaboration to counter the growing threat of malicious activity in cyberspace. One of the most serious challenges facing our state and nation's economy and security is protecting the critical assets of government and the private sector. This proposal calls for a fundamental rethinking of the government's traditional relationship with the private sector, acknowledging that a high percentage of our critical information infrastructure is privately owned.
The continued volume and complexity of cyber security threats demands action now. The risks associated with exposure to cyber dangers know no geographic or governmental boundaries. The potential impact of a cyber incident can be severe—ranging from vital services being unavailable to citizens, malicious software being installed on computers, or hackers breaking into systems to steal information, including trade secrets and personal, private or sensitive data. Critical infrastructure assets may also be severely degraded or destroyed, leading to direct physical harm to citizens or a loss of essential services.
This proposal offers an environment in which trusted relationships between the private sector and government will allow both parties to address barriers, legal and otherwise, to establish consistent security standards and to deal with attacks on critical private-sector networks. It will provide for the foundation from which to formulate an integrated cyber security posture and will encourage a more holistic, enterprise-wide understanding of the resources and challenges which exist so that solutions can be developed in a comprehensive rather than piecemeal manner.
In addition to facilitating the exchange of information, the not-for-profit entity will enhance the ability to respond expeditiously to threats. A more flexible organization will be able to quickly bring the right solutions to bear on the constantly evolving risks that present themselves in cyberspace.
For these reasons, The Business Council supports these Part D provisions and urges favorable action as part of enacting a SFY 2009-10 state budget.