New York authorities test their defenses against cyber attacks

Posted at 3:23 PM, Jul 26, 2019
and last updated 2019-07-26 21:49:03-04

Two days after Louisiana officials declared a state of emergency following a massive cyber attack, authorities from New York conducted a “digital fire drill” to see how critical infrastructure would hold up during a security breach.

The tabletop exercise, hosted by IBM at its training facility in Boston on Friday, puts leaders from law enforcement, telecommunications, energy and many other sectors to the test. The idea was to create a makeshift scenario where a cyber attack shuts down key infrastructure, causing anywhere from a loss of power to mass casualties.

The test could expose blind spots for first responders and reiterate the need for leaders at the local level to meet and exchange information, a critical lesson learned in the wake of the 9/11 terror attacks, officials said.

“It’s like a digital fire drill,” said Kenn Kern, chief information officer for the Manhattan District Attorney’s Office. “How are we going to respond right now.”

The drill was put on by organization called New York City Cyber Critical Services and Infrastucture (NYC CCSI), which is spearheaded by the Manhattan District Attorney’s Office, the NYPD, NYC Cyber Command and the Global Cyber Alliance, an international nonprofit aiming to combat cyber attacks.

The group hosted leaders from 17 sectors, which included emergency services, water systems and even nuclear reactors.

Manhattan District Attorney Cyrus Vance said a cyber attack could reveal law enforcement information, such as the names of informants or grand jury material, which is supposed to be kept secret. Vance said his office would also need to function at a high level in case of a cyber attack.

“There is going to be the need for immediate follow up by lawyers,” Vance said. “You’re talking about search warrants. You’re talking about subpoenas. You’re talking about organizing part of the criminal justice response to an attack.”

Louisiana Gov. John Bel Edwards issued a statewide emergency declaration Wednesday after the malware attack was discovered in several school systems throughout Louisiana, his office said. Recently, ransomware hackers have taken over the computer systems of several cities, including Atlanta, Baltimore, Albany and at least two cities in Florida. There have been at least 22 reported breaches of public sector networks in 2019, CNN reported in May.

NYPD Lt. Gustavo Rodriguez, a member of the department’s counterterrorism unit that’s devoted to cyber security, said there have been about 170 cyber attacks reported over the last five years.

“We want to prevent these things,” Rodriguez said. “We want to bring attention to these things so that local municipalities, villages, towns and states across the country can start looking at this problem.”