Secondary Navigation

Print

Executive Order 10

February 22, 2022

The Cyber Command Operations of the Office of Technology and Innovation

Download Executive Order 10

WHEREAS, government entities at the Federal, State and local levels have increasingly become the targets of sophisticated malicious cyber-attacks that compromise the security and integrity of government operations; and

WHEREAS, the City of New York is a prime target for cyber-threat actors; and

WHEREAS, protecting the City’s information infrastructure is vital to its continued operations and to ensuring the health, safety and welfare of its residents; and

WHEREAS, pursuant to Executive Order No. 3, issued on January 19, 2022, the Mayor established the Office of Technology and Innovation, which incorporated the Office of Cyber Command, the City’s centralized cyber response office; and

WHEREAS, collaboration and information sharing between government, law enforcement and private stakeholders will enable the City to better assess cyber threat levels and protect its residents from such threats; and

WHEREAS, standardizing the City’s cyber defense and response strategies in coordination with non-City governmental bodies, law enforcement and the private sector will enhance the City’s ability to respond to cyber-threats in a cohesive and comprehensive manner; and,

WHEREAS, this Order is promulgated consistent with the authority contained in Sections 20-j and 1072(p) of the New York City Charter,

NOW, THEREFORE, by the power vested in me as Mayor of the City of New York, it is hereby ordered:

Section 1. The Office of Technology and Innovation, through the Office of Cyber Command, shall direct, manage and have authority over the City’s cyber defense, investigation, response, and policy, in coordination with the New York City Police Department and the Office of Emergency Management, as appropriate.

§ 2. The Office of Cyber Command shall have the authority to:

  1. Set information security and policy standards;
  2. Lead citywide cyber defense, investigation and incident response;
  3. Ingest and disseminate all cyber-threat intelligence, counterintelligence and information regarding cyber matters that constitute a serious threat to national security or the security of New York City;
  4. Serve as the primary liaison between public (federal, state and tribal) and private partners/stakeholders for cyber intelligence sharing, investigation and response coordination;
  5. Enter into agreements with federal, state, tribal and private partners for collaborative cyber intelligence sharing;
  6. Coordinate deployment of citywide technical and administrative controls related to information technology, information security and information privacy;
  7. Ensure compliance with relevant regulatory security standards by external parties having access to citywide information infrastructure;
  8. Review citywide cyber related procurements, in collaboration with procuring agencies; and
  9. Perform such other responsibilities with respect to cybersecurity as the Chief Technology Officer shall direct.

§ 3. The director of the Office of Cyber Command, known under section 20-j of the Charter as the City’s Chief Information Security Officer, shall manage the day-to-day operations of the Office of Cyber Command, under the direction of the Chief Technology Officer.

§ 4. Each agency shall appoint a Cyber Command Liaison to represent the agency and be the primary contact with the Office of Cyber Command.  If an agency has a chief information security officer or a chief information officer, those officers should, to the extent practicable, be independent of the agency’s Cyber Command Liaison.

§ 5. The Chief Technology Officer shall approve all requests made by external parties to the Office of Cyber Command for access to data that the Office of Cyber Command collected from agencies in furtherance of providing services to those agencies.

§ 6. All agency heads are directed to cooperate with Office of Technology and Innovation as the Chief Technology Officer promulgates and implements policies related to the Office of Cyber Command.

§ 7. For purposes of this Order, the term “agency” means (i) any agency the head of which is appointed by the Mayor; (ii) any agency headed by a board, commission or other multi-member body, the majority of the membership of which is appointed by the Mayor; and (iii) the Office of the Mayor.  The Office of Technology and Innovation, through its Office of Cyber Command, shall take all steps necessary, consistent with applicable law, to facilitate and promote participation by non-mayoral agencies in the initiatives set forth in this Order.

§ 8. The Office of Cyber Command shall execute its duties and exercise its powers in collaboration with partner City agencies, with the purpose of minimizing or avoiding adverse impact of cybersecurity policies, standards and other actions on agency programs, purposes and initiatives.  Under the direction of the Chief Technology Officer, the Office of Cyber Command shall consult with and consider recommendations from agencies as they implement cyber policies.

§ 9. This Order shall take effect immediately.                                                                      

Eric Adams
Mayor