There’s no question New York is a prime target for a terror attack – and that includes attacks on its cyber networks.
With Thomas Smith at the helm, the New York Office of Cyber Security (OCS) works to protect the state’s cyber security infrastructure through the identification and mitigation of vulnerabilities, deterring and responding to cyber events and promoting cyber security awareness around the Empire State. The OCS is also responsible for promulgating state policies, standards, programs, and services relating to cyber security and geographic information systems (GIS).
Smith was appointed to the position of director in July 2010. Until 2007, he’d served as Assistant Deputy Director and Counsel. He aided in the agency’s policy direction, managed large-scale procurements, coordinated the agency’s legislative program and served as co-chair of the Multi-State Information Sharing and Analysis Center’s Procurement Workgroup. Before his work in the OCS, Smith served as a supervising attorney at the State Office for Technology, where he also acted as a legislative liaison.
During a question-and-answer session with Homeland Security Today, Smith talked about the current threats, how Internet security is no longer just an “IT” problem, and how the general public needs to be more aware of proper “cyber hygiene.” He also discussed themes that emerged from the recent 14th Annual New York State Cyber Security Conference and 6h Annual Academic Symposium, co-hosted by his office.
Q. Are there any significant events that impressed upon corporations, governments and the public the importance of cyber security within the past few years?
Noting the [recent] breach at the International Monetary Fund… as well as other high-profile intrusions such as those against Google, or viruses like the 2010 Stuxnet worm, Smith said “those are things that are now in the common nomenclature … those things are helping raise the consciousness – the threats are real, the threats are sophisticated, the threats are pointed at anyone who holds information, essentially, anyone who uses the Internet. In some ways, it makes carrying the message forward about the importance of cyber security a little easier because people are conscious of it. …There’s certainly a growing consciousness that ‘it could happen to me, too’ in the larger sense.”
Q. What was the biggest theme that emerged from the cyber conference June 7-8?
“The theme that we are trying to get at is … making sure that cyber security is something that they [security professionals, management, etc…] view it as an integral part of overall risk management … it’s no longer the province of, ‘this is something you have to give to IT.'”
“A lot of the messages that we heard were that there are so many potential actors, it’s hard to discern in a given situation what the agenda of a hacker may or may not be,” whether it be to access one’s financial information, personal information, or other critical infrastructures connected to the Internet. “The real takeaway was that we’re all a target for these threats and we all have vulnerabilities that need to be addressed.”