As the bloody Russian invasion of Ukraine continues to worsen, U.S. Sen. Kirsten Gillibrand stood at NYPD headquarters today to announce her push to strengthen New York’s cybersecurity and advise individuals on how to protect themselves from cyber attacks.
“Following the sanctions that the U.S. and our allies have levied on Russia, there is an increased risk that Russia will carry out retaliatory cyber attacks, particularly against New York State infrastructure and individuals,” Gillibrand said. “We must act quickly to strengthen our cyber defenses to counter any unwarranted Russian aggression here.”
Gillibrand was joined by City Comptroller Brad Lander, city Chief Technology Officer Matthew Fraser and NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller.
Because New York City is the economic and financial center of the United States, it’s always viewed as a number one target for foreign adversaries like Russia. That’s why, Miller said, the NYPD views the threat to the city and it’s critical infrastructure as “always high.” But, he added, the Russian invasion of Ukraine has put the city at an even higher alert level.
“We get that we’re in a heightened threat,” Miller said. “We have been gearing up for that heightened threat to come along from our normal high alert to ultra high alert. And that’s where we are and it’s working. I mean, we’re seeing the indicators of compromise, we’re feeding them into our systems. Whether those are IP addresses or other signals, we’re looking for things that are coming in and then sending signals back out. And we’re stopping them. Now, we do that every day. The difference is, we can attribute some of those to this event and to state actors.”
Since the start of the conflict between Russia and Ukraine, Fraser said, the city has seen an uptick in cyber security threats, but no attacks that are specifically targeting the city itself.
“In terms of us being able to foil and respond quickly to these acts as they arise, fortunately we have the right set of tools in place,” Fraser said. “And we deter a significant number of threats a day.”
In order to combat the increased cyber security threat level, Gillibrand said she and U.S. Sen. Chuck Schumer have called for a significant increase in cyber security funding in the federal fiscal year 2022 funding package. This would be directed towards the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is located in upstate New York. MS-ISAC provides early warnings to governments across all 56 states and territories, Gillibrand said, about impending cyber security threats.
Another issue with protecting critical infrastructure from cyber attacks, Gillibrand said, is that 85 percent of infrastructure – like the power grid – is owned by the private sector. Because New York City has been a leader in coordinating cyber security efforts between the public and private sectors, Gillibrand said she’d like to expand the city’s apparatus to other parts of the country.
“This has to be replicated across the entire country,” Gillibrand said. “And it has to be replicated with more than just the most elite of the critical infrastructure. So, we are hoping to create legislation to broaden it so that more entities can opt in. So we have a broader level of protection, but also more resources for the cyber protectors so they can amplify their abilities further. And that’s what today’s about. And I would go back to Washington and write that legislation.”
The senator said there are three ways for individual New Yorkers to best protect themselves from cyber attacks.
First is securing your accounts, Gillibrand said. This includes making sure you use different passwords for each of your accounts – whether it’s banking information or social media – and using two-factor authentication. Second, is installing software updates to your computer and apps as soon as they’re released because these often contain important security upgrades.
Third, the senator said, is to stay aware of cyber attackers who will try to trick you in order to get into your accounts, which is the way most cyber attacks happen.
“Those tricks often come in the form of emails or direct messages that appear to come from businesses telling you that you need to click on a link to update your personal information or collect a prize,” Gillibrand said. “They may also make demands or threats. Remember that you do not have to respond. Take the time to check where the message is coming from. And if the email or account looks legitimate. If you have doubts, you can always reach out to the company by either emailing them independently or picking up the telephone.”