Objective

To assess the extent of implementation of the two recommendations included in our initial audit report, Cyber Incident Response Team (Report 2020-S-58).

About the Program

Cybercrimes continue to rise. According to the Federal Bureau of Investigation (FBI), complaints of phishing and similar cyberattacks often used to deliver ransomware increased by 162%, from 114,702 in 2019 to 300,497 in 2022. These attacks can have a significant impact on the public when they target public authorities and local governments that oversee a variety of services the public depends on, including water systems, utilities, airports, schools, and health care facilities. In 2022, there were 2,385 complaints of ransomware, according to the FBI’s Internet Crime Report.

In 2017, the Cyber Incident Response Team (CIRT) was created within the Division of Homeland Security and Emergency Services (Division) to provide cybersecurity support to more than 2,800 non-Executive agencies, local governments, and public authorities in New York. CIRT is part of the Division’s Office of Counter Terrorism and currently has 17 members – 11 Division employees and six members of the National Guard. The Division’s mission is to provide leadership, coordination, and support for efforts to prevent, protect against, prepare for, respond to, and recover from terrorism and other man-made and natural disasters, threats, fires, and other emergencies.

The objective of our initial audit, which was issued on November 12, 2021 and covered the period January 1, 2018 to March 26, 2021, was to determine whether CIRT was achieving its mission of providing cybersecurity support to non-Executive agencies, local governments, and public authorities. The audit found that CIRT developed lines of service to guide its work, which includes cyber incident response services, technical cyber services, and information sharing and outreach, but did not establish specific and measurable objectives or quantifiable goals that can be measured to evaluate its accomplishments.

Key Finding

The Division made progress in addressing the issues we identified in the initial audit report; however, additional actions are needed. Of the initial report’s two audit recommendations, one was implemented and one was partially implemented.

Key Recommendation

Officials are given 30 days after the issuance of this report to provide information on any actions planned to address the unresolved issues discussed in this follow-up.