As U.S. businesses become more and more vulnerable to hacks and cybersecurity breaches – so too are New York’s governing agencies, where antiquated systems make these institutions key targets for bad actors. At City and State’s 2024 Digital New York Summit, cybersecurity experts and government leaders discussed various weaknesses and solutions to strengthening government digital infrastructures.
Keynote speaker Dru Rai, the state’s chief information officer, opened the summit by emphasizing the urgency of investing in cybersecurity and digitization.
“By law, IT is in charge of safeguarding the state systems and cyber intrusion and attacks, an awesome responsibility, which grows every day in both importance and magnitude. If we don't have a solid cybersecurity posture, most of our services will not have any meaning,” Raid told attendees at the Museum of Jewish Heritage in Lower Manhattan. “More than ever, our challenge is to meet New Yorkers where they are, to provide services they need and to ensure interactions with the government are simple, seamless and straightforward.”
To make this a reality, Rai highlighted the state Office of Information Technology commitment to investing in tools and resources to grow the city’s capacity for digitization, while acknowledging obstacles that may hinder its progress.
“The journey from concept to delivery can be very slow and we're trying to fix those. Many of our projects we take are frankly too big or too complex, too long. And therefore, we ultimately fail to deliver the fundamental change,” Rai explained. “Technology changes in the blink of an eye, hence I believe we need to be more nimble and adapt to changes when they're happening.”
Rai also highlighted the four major tenets of the agency he oversees, from cyber efforts through its Joint Security Operations Center, to prioritizing customer experience, workforce development and harnessing AI use while being mindful of its risks – details highlighted in the agency’s comprehensive policy of responsible AI roadmap.
Panelists at the event also discussed issues with legacy systems – often being too archaic to adapt to new systems, making agencies more vulnerable to fraud and human error.
“So the first challenge is really working within outdated infrastructure. Many of the city's systems for many years have operated off of a mainframe. So between having limited staff who don’t know how to work off of a mainframe, it’s costly to maintain, it’s prone to failure and it has a lack of compatibility with other systems as other IT solutions are evolving,” Dawn Pinnock, commissioner of the New York City Department of Citywide Administrative Services, said on a panel titled “How tech can move government forward,” moderated by journalist Ben Max.
“I think it's really important to not have our teams lose pace,” Pinnock added. “because this is an opportunity for upskilling,”
Another panelist, Deputy Comptroller for State Government Accountability Tina Kim also highlighted legacy systems’ vulnerability to cybersecurity risks.
“The first actually is the lack of modernization of the legacy system. They are issues with cybersecurity risks. A lot of the issues that arose during the pandemic, in certain programs, if you look at their root costs, a lot of them are related to the legacy systems that states had in place at that time,” Kim told attendees.
Panelist Rakesh Malhotra, co-founder and managing partner of Nuvalence, brought attention to bureaucratic redlining that he said needs to be addressed alongside antiquated legacy systems. Among these were challenges to data sharing, as agencies struggle to work efficiently with laws dating back to the Privacy Act of 1974.
“With the government, we have an extra challenge [because] the data sharing agreements need to be made on a federal, state, city [level][…] On the government side of things, when we try to tackle a solution, we are hindered in some ways, delayed, because we have to hash out every single data sharing agreement within the agency,” Kevin Kim, commissioner of the New York City Department of Small Business Services, said on the panel.
According to Kim, one solution could lie in integrated data systems, where data can be shared across city agencies in real time through the use of consolidated websites and AI, while being mindful of its risks. Although agency heads are keen to incorporate automation through AI, Kim advised increased investment in AI risk mitigation.
“AI can really vary,” said Kim. “So these are things that you really want to look at, because the controls are actually different, depending upon the risk level that you're actually seeing related to artificial intelligence. One of the things you find is that people actually don't even have inventories, or clear definitions of what artificial intelligence actually is.”
Panelists stressed that AI should be used in tandem with a growing workforce, as city agencies invest in upskilling through additional training. Benefits of government partnerships with the private sector were also discussed, namely those at the Cybersecurity and Infrastructure Security Agency.
“As part of these partnerships, we have resources we bring to the table, information that we can share regarding ongoing threats,” said R.S. Richard Jr., chief of cybersecurity, region 2 at the Cybersecurity and Infrastructure Security Agency.
Richard, participating on a panel titled, “Uprgrading and protecting New York’s cyber and physical infrastructures,” hosted by City & State Deputy Managing Editor Holly Pretscky, continued, “We gather so much information from other partnerships with different security organizations and government agencies. These are all taxpayer funded initiatives to enhance cybersecurity in critical infrastructure in your faith-based institutions and your nonprofits.”
Another member of the panel Joe Dabrowski, regional vice president of state, local and education sales at Rubrik, advised that one of the things agencies can do is to create robust cyber recovery plans like tabletops, which can be adjusted to each organization’s needs.
Speakers also highlighted the importance of investing in data protection and cybersecurity, with Benjamin Voce-Gardner, director of the Office of Counter Terrorism, state Division of Homeland Security and Emergency Services, giving details on the state’s cybersecurity strategy.
“We’re looking at a lot of our hardware and software, and we are proactively trying to replace legacy equipment, which is obviously a huge vulnerability,” he said. “And when we do, we're operating in a secure fashion. Number two is to collaborate: that's working with our partners across the board, [and] with local governments to ensure that they become more security.”
As New York City in particular moves forward to automate major aspects of its governing infrastructure, government leaders assured that these digital changes wouldn’t replace human labor. “AI can provide real opportunities to save money to improve processes, maximize efficiencies and to make the government more responsive to citizens. But we must do it right, by maximizing the benefit while reducing the risk,” said Rai.
NEXT STORY: New York Thermal Networks Summit drives conversation on ‘revolutionary technology’