NY.gov Portal State Agency Listing

About the Office of Cyber Security

About OCS

The Office of Cyber Security, led by Thomas D. Smith, is dedicated to the protection of the State's cyber security infrastructure through the identification and mitigation of vulnerabilities, deterring and responding to cyber events and promoting cyber security awareness within the State.

The Office is also responsible for Statewide policies, standards, programs, and services relating to cyber security and geographic information systems (GIS), including the Statewide coordination of GIS.


Director's Page

Director Thomas Smith
Thomas D. Smith was appointed Director of the Office of Cyber Security in July 2010.  Prior to that, he served as Assistant Deputy Director and Counsel since 2007. In that position, he assisted in the agency's policy direction; managed the agency's large scale procurements; coordinated the agency's legislative program; and served as Co-Chair of the Multi-State Information Sharing and Analysis Center's Procurement Workgroup. He also  served as the agency's Ethics Officer and Records Appeals Officer.

Prior to joining the Office of Cyber Security, Mr. Smith served as a supervising attorney at the State Office For Technology where he oversaw the legal team for the State Data Center and served as legislative liaison.  From 1986-2000, he worked in the New York State Office of the State Comptroller, where he served as an associate attorney in the Division of Legal Services/Municipal Law Section and the Division of Legal Services/Investments.

Mr. Smith graduated cum laude from Dartmouth College and earned his Juris Doctor from Albany Law School.  He and his wife reside in the City of Albany and have three children.

 

 

 

OCS Responsibilities

Purpose

The New York State Office of Cyber Security (OCS) was established in September 2002 as an entity with a single focus dedicated to addressing the crucial needs of cyber security and critical infrastructure coordination. Its mission is to provide leadership and vision in cyber security and in geographic information systems.

Effective July 1, 2010, the Division of Homeland Security and Emergency Services was established. The Office of Cyber Security (OCS) merged into the Division of Homeland Security and Emergency Services along with the Office of Counter Terrorism, Office of Emergency Management, Office of Fire Prevention and Control and the Office of Interoperable and Emergency Communications. The individual Offices will continue as specialized offices under the new umbrella agency. This consolidation will allow the State to operate a single, multi-purpose agency focused on first responders and public safety. Collectively, the new Division will be responsible for analysis, information sharing, physical and cyber security, disaster preparedness and relief, interoperable and emergency communications, fire safety, and emergency response.

Responsibilities

OCS is responsible for the State's cyber readiness and critical infrastructure coordination. OCS accomplishes its mission by coordinating the State's cyber incident response team; monitoring the State's networks for malicious cyber activities; coordinating the process by which State critical infrastructure data is collected and maintained; and leading and coordinating geographic information technologies.

OCS operates on the principles of collaboration and cooperation and has developed partnerships at all levels of government and with the private sector to further its objectives.

OCS is responsible for the following major functions:

Cyber Security Governance

  • Develop, maintain and support Statewide cyber security policies and standards.
  • Monitor compliance with Statewide cyber security policies and standards.
  • Promote information security best practices that can be adopted and implemented by State agencies.

Incident Response Team

  • Assess global cyber security threats and vulnerabilities and research innovative solutions to potential and perceived threats.
  • Develop and post cyber security alerts and advisories.
  • Respond to cyber security incidents impacting New York State government.
  • Conduct vulnerability scans and penetration testing; perform forensics, log and malware analysis.

Managed Security Services

  • Provide 24x7x365 cyber security monitoring and response for NYS agencies and public universities.

Training and Outreach

  • Organize, contract for and implement cyber security training for State and local government.
  • Develop informational materials for use by government, education, and home users.
  • Create two-way communication between State, local government, and the education sector to establish mutual understanding and develop relationships with an overarching goal of improving cyber security awareness through an increased number of distribution channels to a variety of entities.

Critical Infrastructure Initiative

  • Provide an advanced information system and related analytical tools to identify the people and critical infrastructure assets potentially affected by future emergency events and identify the assets, both physical and human (i.e., personnel), available to quickly and effectively coordinate the State's response.
  • Develop and deploy a spatial data warehouse and related GIS-based applications to enhance the State's capabilities to securely store, manipulate, analyze, access, and maintain sensitive critical infrastructure and asset data.
  • Work with key State agencies to construct new critical infrastructure datasets, improve existing datasets and develop maintenance plans for all datasets.
  • Provide training to State agencies on the use of the on-line application(s) and the spatial data warehouse.
  • Acquire key critical infrastructure datasets from Federal, local and private sources that are not available from State agencies.

NYS Geographic Information Systems Coordination

  • Serve as chair and provide staff support to the State's GIS Coordinating Body, consisting of representatives from State agencies, local government, the private sector and academia.
  • Manage the Statewide GIS Coordination Program, under the guidance of the GIS Coordinating Body, focusing on the following goals:
    • Development of self-sustaining GIS capacity among all levels of government across the State.
    • Promotion of a more coordinated statewide approach to development and implementation of GIS technology.
    • Improved quality and availability of GIS data.
  • Manage the State's GIS data sharing activities, including:
    • The NYS GIS Data Sharing Cooperative, which is open to government and not-for-profit agencies under terms of the Cooperative license.
    • Provide public access to non-secure GIS data.
  • Manage the NYS GIS Clearinghouse.
  • Provide GIS outreach and training to promote awareness and use of GIS technology among government decision-makers.
  • Maintain and improve the quality of GIS Framework Data.

GIS Emergency Response Activities

  • Improve GIS capabilities deployed in the event of a State declared emergency.
  • Maintain a remote GIS team to support State and local government emergency response needs.
  • Provide for an emergency response capability to acquire remote sensing imagery during emergencies.
  • Establish a statewide network of GIS professionals able to respond to emergency needs.
  • Coordinate GIS emergency response activities among the federal, state, county and municipal governments.

Improved Imagery and Framework Data Activities

  • Develop improved terrain data for New York.
  • Continue improvement and updating of local roads and addressing data.
    • Coordinate updated addresses reported from local government partners
    • Support 911 dispatch activities with comprehensive addresses
  • Continue Statewide Digital Orthoimagery Program, with updated imagery acquired for a portion of the State each year.
    • Foster partnerships with all levels of government to facilitate one imagery program which meets the needs of the stakeholders.

Broadband Mapping

  • Carry out the responsibilities of the broadband mapping program as specified by the NTIA State Broadband Data & Development Program.
  • Support the Governor's Office and the NYS Broadband Council with geographic data and analysis.
  • Develop and maintain the State's web-based broadband map.

Workgroups & Committees

The NYS Office of Cyber Security (OCS) within the Division of Homeland Security and Emergency Services (DHSES) currently participates on numerous workgroups and committees with representatives from all levels of government and the private sector.  The Workgroups and Committees collaborate on cyber security issues and critical infrastructure discussions including the identification and mitigation of vulnerabilities, deterring and responding to cyber events, and promoting cyber security awareness within the State.

Cyber Threat Intelligence Coordinating Group

This group works collectively to understand the developing trends of domestic and international cyber attacks targeting governmental, regulatory authority and private industry infrastructure. The ability to understand these growing threats will enable partners to develop information sharing mechanisms to assist both law enforcement and private security industry to understand vulnerabilities and help ensure continuity of operations. Both the Office of Counter Terrorism and OCS participate in this group, which is led by the Multi-State Information Sharing and Analysis Center.

Digital Forensic Workgroup

The New York State Digital Forensics Workgroup is an organized group of NYS agencies with Digital Forensics interests. This group was formed to address the disparate methodologies followed by many entities. In an effort to promote common solutions, this group is working to create operating procedures and guidelines that any NYS agency can follow.  Its primary purpose is to bring together State agencies actively engaged in gathering and working with digital and multimedia evidence, to foster communication, collaboration, and cooperation, and to ensure quality and consistency within the Digital Forensics community of practice.

Geographic Information Systems (GIS) Coordinating Body

The NYS GIS Coordinating Body, operating under the auspices of the NYS Office of Cyber Security, coordinates, promotes and facilitates the development, effective use, and sharing of geographic information. It also removes barriers to implementing geographic information technology to improve the delivery of public services, protect the public and the environment, and enhance the business climate for the benefit of the State, its municipalities, businesses and citizens.

Please visit:  the GIS Coordination Program for more information on the GIS Coordinating Body the GIS Workgroups and Committees.

Homeland Security Strategic Workgroup (HSSWG)

OCS participates in this workgroup bringing cyber security expertise to the Strategic plan.  Through this group, OCS is expanding its outreach efforts to the Urban Areas Security Initiative and first responder communities.  OCS also develops the investment justifications for cyber security.

InfraGard

OCS is a member of InfraGard.  InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

MS-ISAC Education and Awareness Workgroup

OCS represents NYS in this workgroup which is led by the Multi-State Information Sharing and Analysis Center (MS-ISAC). The Workgroup's objectives are focused on recommending development of new or identification of existing cyber security education, awareness and training content for states and localities. This includes recommendation of MS-ISAC program initiatives for the annual National Cyber Security Awareness Month.

MS-ISAC Government Outreach and Marketing Workgroup

OCS represents NYS in this workgroup which is led by the Multi-State Information Sharing and Analysis Center (MS-ISAC). Workgroup members comprised of state and local government cyber security experts from across the United States. This group is tasked with developing guidance for state and local government information security professionals on methods for providing information security products and services to their stakeholders and audiences.

MS-ISAC Legislative Workgroup

OCS represents NYS in this workgroup which is led by the Multi-State Information Sharing and Analysis Center (MS-ISAC). The purpose of the workgroup is to provide a leadership role in advancing information security by sharing information and recommendations with the MS-ISAC members and with governmental and non-governmental entities regarding related legislative and regulatory issues at the federal and state levels, including Washington, D.C. activities and events.

MS-ISAC Metrics and Compliance Workgroup

This Multi State Information Sharing and Analysis Center sponsored workgroup is focused on recommending and implementing methodologies to help states and territories with cyber security metrics and compliance inventory, assessment and audit of their cyber security assets.

MS-ISAC Procurement Workgroup

OCS represents NYS in this workgroup which is led by the Multi-State Information Sharing and Analysis Center (MS-ISAC).  The purpose of the workgroup is to assist state and local governments in identifying strategies for procurement of goods and services related to cyber security initiatives; facilitating opportunities for state and local joint procurement, as well as identifying and recommending available grant opportunties.

NASCIO Security and Privacy Committee

This National Association of Chief Information Officers sponsored committee is charged with supporting NASCIO's strategic objective of protecting the information technology infrastructure of the twenty-first century. A major focus is integration and coordination of federal, state, local government and private sector efforts that further the national cyber security agenda.

Nationwide Cyber Security Review Working Groups

These United States Department of Homeland Security sponsored working groups provide the vehicle by which stakeholders and the community can collaborate and aid in the execution of the Nationwide Cyber Security Review (NCSR), a consolidated review of cyber security measures and capabilities in states and large urban areas.  Participants in these working groups make key decisions and perform key activities for the achievement of the NCSR.

NYS Cyber Security Local Government Workgroup

This group consists of representatives from each level of government (State, county, city, town and village).  They  voluntarily work together to identify the cyber security issues facing localities and work toward solutions.  OCS hosts this group which works toward making cyber security everyone's responsibility.

New York State Forum Security Work Group

The NYS Forum brings State and local government organizations and information technology leaders and professionals together to share knowledge and ideas, and promote policies and practices for effective, equitable and secure use and management of information resources in government.  The Forum Security Work Group's objective is promoting collaboration, education, cyber security awareness, information security governance and risk management.

SANS Advisory Board

OCS represents NYS on this Board to discuss opportunities for discounted training for all 50 states and local government.