New York bill would prioritize cyberthreat planning for water infrastructure owners
A bill introduced in New York’s Legislature would charge state public safety leaders and water suppliers with preparing for cyberattacks on key pieces of the state’s critical infrastructure.
State Sen. Jeffrey Klein introduced S. 7601 on Wednesday, and the bill would factor cyberthreats into the required contingency plans drawn up by the state’s Division of Homeland Security and Emergency Services and all water infrastructure providers in New York.
While all owners of dams or water treatment plants were previously required to undergo “vulnerability analysis assessments” to assess potential trouble spots in case of a terrorist attack, Klein’s bill would have infrastructure providers include a review of the health of the company’s networks in those documents as well.
Water suppliers would have to deliver the new reports to the state’s Department of Health by Jan. 1, 2017, which would then send those documents to the homeland security division, the New York State Police and the state’s chief technology officer. All of the assessments would be exempt from disclosure under the state’s public records law.
Based on the results of those reviews, the commissioner of the homeland security division would then be able to issue “recommendations or general guidance to the water supplier based on the assessment to enhance protections against a terrorist attack or cyber attack,” which would also be exempt from disclosure.
[Read more: NASCIO urges states to develop plans for cyberattacks on critical infrastructure]
Similarly, the head of the health department (or the various county health departments around the state) would be able to issue guidance to publicly owned water suppliers to develop plans that protect against “threats from terrorist attacks, including cyber attacks, designed to disrupt the provision of safe drinking water or significantly affect the public health, or significantly affect the safety or supply of drinking water provided to communities or individuals.”
The bill’s focus on protecting pieces of critical infrastructure comes just a month after the National Association of State Chief Information Officers issued a report calling on state IT leaders to develop plans for handling cyberattacks on these types of infrastructure facilities.
However, the legislation’s chances in the General Assembly aren’t particularly strong.
The legislative analytics company FiscalNote gives the legislation just a 10 percent chance of passing the Senate’s Committee on Veterans, Homeland Security and Military Affairs, and earning a floor vote. Specifically, the company cites the bill’s lack of co-sponsors and the fact that “the committee refers few of its assigned bills to the floor” as factors that could keep the legislation from moving forward.
Contact the reporter at alex.koma@statescoop.com, and follow him on Twitter @AlexKomaSNG.
