§ 711-c. Cybersecurity incident reviews.
1. Definitions. As used in this section, the terms cybersecurity incident, cyber threat, cyber threat indicator, defensive measure, information system, municipal corporation, public authority, ransom payment and ransomware attack shall have the same meaning as such terms are defined in article nineteen-C of the general municipal law.

2. The commissioner, or their designees, shall review each cybersecurity incident report and notice and explanation of ransom payment submitted pursuant to sections nine hundred ninety-five-b and nine hundred ninety-five-c of the general municipal law to assess potential impacts of cybersecurity incidents and ransom payments on the health, safety, welfare or security of the state, or its residents.

3. The commissioner, or their designees, may work with appropriate state agencies, federal law enforcement, and federal homeland security agencies to provide municipal corporations and public authorities with reports of cybersecurity incidents and trends, including but not limited to, to the maximum extent practicable, related contextual information, cyber threat indicators, and defensive measures. The commissioner may coordinate and share such reported information with municipal corporations, public authorities, state agencies, and federal law enforcement and homeland security agencies to respond to and mitigate cybersecurity threats.

4. Such reports, assessments, records, reviews, documents, recommendations, guidance and any information contained or used in its preparation shall be exempt from disclosure under article six of the public officers law.

5. No later than forty-eight hours after receiving a cybersecurity incident report containing a request for advice and/or technical assistance from the division pursuant to subdivision one of section nine hundred ninety-five-b of the general municipal law, the commissioner or the commissioner's designees shall acknowledge receipt of such request. As soon as possible after receiving such a request, the commissioner or the commissioner's designees, subject to the commissioner's discretion in prioritizing the division's response to the municipal corporation's or public authority's cybersecurity incident report, shall provide advice to the requesting municipal corporation or public authority and, to the extent practicable, provide technical assistance.