Looking Inside New York State's Cyber Security Strategy

The Smart City Event is happening in about a month, and The Smart City Sentinel has been speaking with our speakers to get a bit of a preview of what attendees should expect from the conference.

Here, we spoke to Frank Bradshaw, CEO, Ho'ike Technologies, who will be a featured speaker in the following session:

Follow the Money: NY State Cyber Security Strategy: Implementing a no back door strategy, NY State has taken a bold stance on Cyber Security. 23 NYCRR 500 is the Cybersecurity rule for organizations under the watch of NY State's Department of Financial Services (DFS). Commonly called the NYS DFS Cybersecurity Act, it requires all organizations under the DFS umbrella (with a few exceptions) to have a sound, robust and auditable Cybersecurity program in place. Failure to meet the requirements could result in the organization being shut down.

Bradshaw began a career in IT by volunteering to lead a group to wire his dorm to being a technical trainer specializing in Lotus Notes and Cybersecurity. 10 years of being a CISSP Master trainer has given him an opportunity to have a hand in the growth of cybersecurity professionals. After many years of working in everything from startups to Fortune 500 companies, Frank Bradshaw now owns and runs Hoike Technologies, a cybersecurity managed services company that specializes in providing SMBs the same level of protection that Fortune 500 companies enjoy, at a price they can afford.

Here is a little preview of his thoughts:

Smart City Sentinel: What will be some key points you plan to hit in your session?
Frank Bradshaw: Several years ago, California passed the first breach notification law. It required a business to notify any California resident if their personal information may have been compromised. Now all 50 states and several territories all have breach notification laws on the books.

NY State is the first state to require certain businesses to have cybersecurity/information security programs in place. This is a game changer because once one state implements something of this magnitude and if it is successful, you will see many other states following suit. This could become the template for federal cybersecurity program standards. After Atlanta mishandled their recent ransomware attack, there is already talk of state legislatures requiring cybersecurity program for local municipalities.

SCS: What new insights can attendees expect to take home from your session?
FB: To understand what a cybersecurity program is, the many moving parts and how it benefits a municipality in the long run.

SCS: Can you identify a few important trends influencing your sector of the IoT which will shape the path of the industry? Why these?
FB: Every day, hackers are exploiting IoT devices because the vast majority of them are unmonitored for malicious activity. In the last year, there was a report of a casino that had their internal network breached through an internet connected thermometer in an aquarium. The hackers gained access to the network through the thermometer. Once on the network, found a database of big spending patrons, and then extracted that database back out through the thermometer and into the cloud.

We have to make proactive steps to get control of IoT devices and to adequately monitor them, as well as segment them into their own network.

Why is this important? As billions of devices go online every day and connect to the internet, hackers know IoT devices are easy targets. Proactivity in securing them must be a top priority.

SCS: What are the biggest challenges facing the IoT? What are some important tools needed to overcome them?
FB: From a cybersecurity perspective, what concerns us most is the ease in which an IoT device can be brought online.

With past clients, we have created policies for the proper review and deployment of all devices on the network.

Without those policies in place, anyone can plug anything into the network, without a proper security review.

That review is what stands between a secure network and a breached one.

SCS: Which vertical markets have the most to gain from IoT implementation? Which are leading and which are still behind the adoption curve?
FB: Obviously, device manufacturers as well as importers. Thanks to Alibaba, there are a lot of IoT devices that can be branded.

SCS: What sessions (other than yours) are you most looking forward to attending at the Expo? Why?
Smart City Leverage – I think it’s fascinating to use infrastructure that already exists (including supplied electricity) for things like public Wi-Fi…even WIFI for a fee for non-residents.

Smart City: Enabling IoT Security and the Chain of Trust. This piggybacks with my discussion. You either enable this voluntarily or eventually it will become involuntary via law

As we are seeing, many municipalities are trying to use technology to allow them to engage more of their constituent. This comes at a price. Unfortunately, many undervalue security as a necessity and over look it….until it’s too late.

Register now to receive a $300 discount.