If Senator Boyle and cosponsors—Senator George M. Borrello of the 57th Senate District and Senator Sue Serino of the 41st Senate District—get their way, municipalities in New York will be banned from paying ransomware demands to get their vital public records data back.
Instead, Senate Bill S7246 proposes the creation of a “Cyber Security Enhancement Fund.” This fund is designed to provide money to villages, towns, and cities with populations of less than a million residents to upgrade their cyber security. The intent is to prevent cyber security breaches from happening in the first place. That is a laudable ideal, but in reality it won’t prove to be foolproof. Good cyber security is so much more than buying technology. It is about discipline—constant discipline—in practicing cyber security. That means having good processes, reporting, and monitoring in place. It means having the right technical talent with the right ongoing training. It means having a culture of security with strong managerial sponsorship. If you have all those in place, you are in a good spot… but even that is not fail-safe.
So what happens when the good intent of SB S7246 fails to deliver the intended result? Is that municipality really supposed to just walk away from all the tax roll information on who has paid and who has not? Do they do without arrest records and court case information? Birth records? I could go on and on. It just isn’t realistic. The unintended consequences are huge for anyone who has worked in this space like I have. These well-meaning senators have no idea and no perspective of what a real ransomware situation is like.
If you want to read the whole story, click here – NY Bills Would Ban Municipalities From Meeting Ransomware Demands