New York Chief Information Officer Angelo Riddick said Tuesday the state is responding to “a recent uptick in traffic attempting to connect to our network with IP addresses originating in Russia.”
Speaking during StateScoop’s Cybersecurity Modernization Summit, Riddick said the state has “permanently blocked” such attempts and continues to devise new strategies to protect a digital infrastructure spread across 1,400 miles of fiber optic cable.
“We are seeing phishing, credential harvesting, malware, ransomware, web application attacks, software and hardware vulnerability exploits and so much more,” Riddick said. “We start by taking every threat seriously and communicating in real time to all those who need to know or need to share. This is our new normal.”
Riddick also lauded the federal infrastructure law’s inclusion of funding to help state and local governments work together and cited some of New York’s plans. These include an initiative expected to launch later this year that would give local governments access to endpoint detection tools used by New York state agencies.
“For years we have done this informally on an as-needed basis, but formalizing this partnership is part of the state’s new all-in approach on cybersecurity,” he said.
New York has also funded the first year of a project to implement zero-trust security, a framework that requires users to continuously verify their identities. Riddick said New York is also using funding from the infrastructure law to “enhance” the state’s red team, a group that tests the security readiness of the state’s executive branch agencies.
State technology officials around the country have said they’re keeping a closer eye on their networks following Russia’s invasion of Ukraine. Colorado Gov. Jared Polis last month signed an executive order authorizing his technology office to protect against Russian cyberattacks and limit the state’s use of Russian-made software. Other states have taken similar measures.
New Mexico Gov. Michelle Lujan Grisham earlier this month named a new adviser for cybersecurity and critical infrastructure, citing “potentially crippling Russian cyberattacks.”