In the wake of recent cyberattacks, cities and states are taking a stand.
On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City's public Wi-Fi networks.1The initiative is intended as a citywide effort to better protect citizens and mitigate systemic-level cyber threats to citizens or City infrastructure, not unlike the ransomware attack suffered by the City of Atlanta last month, which included the disabling of public Wi-Fi.2
Hailed as New York City's "first ever cybersecurity initiative," NYC Secure will be developed and implemented by NYC Cyber Command, and will offer free resources to increase cybersecurity for residents and visitors to the Big Apple starting this summer. Core features of the app include alerting users to suspicious mobile device activity, identifying potentially malicious Wi-Fi networks, apps or websites, and providing tips for users to be more aware of their digital activities. While the app's intentions are admirable, the City has already recognized the risks of improper implementation, particularly with respect to the potential for increasing the surface area of attack by creating another access point to user data.To mitigate some of the privacy risks, the City aims to respect and protect the privacy of app users' information by limiting the app's functionality so that it will not access personally identifiable information or perform any external or cloud-based analysis of private data (which won't be collected or transmitted by the app), unlike other commercially available threat assessment counterparts. City officials also highlighted the app's "strict privacy policy and layers of technical controls that ensure user privacy is protected."3 The City plans to apply the same levels of restrictions and protections to its efforts to secure browsing on public Wi-Fi.
If properly implemented, the progressive NYC Secure initiative could be a first step toward setting the standard for similar city-provided services nationwide. City officials aptly compared the initiative to previous efforts to make the streets of New York City safe, and noted the importance of "bringing that same commitment to protecting New Yorkers into cyberspace."4 As more and more daily activities of residents and visitors are conducted online (particularly through mobile devices and on public networks susceptible to a variety of external cyber threats), increased attention should be paid to state and local-level protections.
Footnotes
2. https://www.nytimes.com/2018/03/27/us/cyberattack-atlanta-ransomware.html
This article is presented for informational purposes only and is not intended to constitute legal advice.
