On Dec. 19, Gov. Kathy Hochul signed a bill sponsored by South Queens Assemblymember Jenifer Rajkumar, which passed the state Assembly by a unanimous vote and aims to protect New Yorkers’ private information by ensuring that hardware and software used by government agencies remains uncompromised. A223 prohibits the State and all municipalities from purchasing technology from certain international companies whose products threaten national security and received the support from several cybersecurity experts who gave testimony on the importance of its subject.
Michael Lucci, chairman and CEO of State Armor, is one such expert in support of the bill. State Armor is a nonprofit advocacy group dedicated to “help states enact solutions to global security threats” via means of research and education. According to Lucci, federal authorities have flagged certain types of international technologies, most of which were produced or manufactured by “adversary nations,” that have potential backdoors to access data and present a risk to cyberinfrastructure.
“Assemblywoman Rajkumar’s new legislation is an essential step to protect New York’s government systems along with the critical infrastructure of America’s most important City,” Lucci said. “While national security is primarily the responsibility of Washington, D.C., Assemblywoman Rajkumar’s legislation shows that states are the critical first line of defense to prevent technological vulnerabilities that would imperil the systems and services New Yorkers depend upon for everyday life.”
Some of the backdoor loopholes in the tech also include the ability to be operated remotely. The largest consumers of the tech in question is actually the NY Public School system, which currently has $330 million worth of contracts for computers and more that have “hidden spyware, malware and other vulnerabilities.”
Most recently, in January of this year, NY Public Schools experienced the “largest breach of American children’s’ data” when company PowerSchool failed to ensure multi-factored authentication. Another breach occurred to the Legislative Bill Drafting Commission in Albany, when a 2024 cyberattack stole payroll data and shut down the bill drafting system the very week annual budget bills were being finalized. However, neither of these incidents were linked to nefarious actions perpetrated by a foreign entity.
“I am committed to keeping New Yorkers safe, and that includes cybersafety. When you decide to purchase tech, you might ask, ‘Does it work well? Is this a good price?’ Likely you do not ask, ‘Is this going to send my data to another country’s government?’” Rajkumar said. “My bill guarantees that every procurement officer in New York asks this crucial question. From our power plants to our public transit to our servers packed with sensitive information, our procurement decisions determine whether or not there is an open door for hackers.”
Rajkumar also noted the bill will garner more government contracts to bolster US-based semiconductor companies, as the semiconductor industry received a $124 billion worth of investments in 2022 and a fabrication facility owned by Micron Technology is soon to be opened nearby in Clay, New York.
“In this season of giving gifts, Assemblywoman Jenifer Rajkumar is giving millions of New Yorkers the gift of cybersecurity,” said Timothy A. Cook, former Executive Director of the Center for Procurement Advocacy. “Defending cyberinfrastructure is now as critical as defending physical infrastructure, and the Assemblywoman is bringing her leadership to end procurement of tech, creating gaping holes in our security.”
