NYDFS held the first of three webinars marking the 5th anniversary of the adoption of its Cybersecurity Regulation, known as “Part 500.” The webinar featured three NYDFS speakers: Justin Herring, Executive Deputy Superintendent for Cybersecurity; William Petersen, Assistant Deputy Superintendent for Cybersecurity Supervision; and Robert Francis, its CIO. Some takeaways:
- The Cybersecurity Division has now grown to a staff of 30.
- Four units within the Division: Intelligence; Legal; Supervision; & Operations.
- DFS is drafting an updated cyber regulation which may focus on, among other things:
  - whether to require several more specific mandates, including on ransomware reporting;
  - whether additional controls will be specified in regulation, adding to existing specific mandates like multi-factor authentication and data encryption. One example might be patch management;
  - whether the annual certification must be signed by both the CEO and CCO.
- DFS is also modernizing its cybersecurity supervision, including:
  - using additional tools such as the “CIBRIQ” questionnaire and open source analytics such as security scorecard websites;
  - prioritizing examinations to focus on licensees exhibiting a “high degree of supervisory concern”;
  - continuing to build operational partnerships with federal and state counterparts.
The webinar can be found in the DFS Cybersecurity Resource Center, along with the other two webinars held on this topic: https://www.dfs.ny.gov/industry_guidance/cybersecurity