citymeetings.nyc

Your guide to NYC's public proceedings.

QUESTION

How quickly did New York City Cyber Command respond to the unauthorized access of 19,000 files, and what processes were involved?

1:58:33

·

114 sec

Video Player is loading.

Current TimeÂ 0:00

DurationÂ 3:44:15

Loaded: 0%

Stream TypeÂ LIVE

Remaining TimeÂ 3:44:15

Â

Kelly Moan explains that New York City Cyber Command worked quickly in responding to the unauthorized access of 19,000 files compared to other impacted entities.

The time from initial disclosure of the vulnerability to identifying the unauthorized access of files was relatively short.
There was a sense of urgency to provide notification as soon as possible.
The analysis to determine impacted data elements was complex, involving multiple layers of review with partners like the DOE and private firms.
The goal was to ensure a full and comprehensive assessment before notifying individuals whose data may have been impacted.

Jennifer Gutiérrez

1:58:33

Is there any way looking back now that Cyber Command could have helped in this process and at least notifying the affected parties in in less than 90 days potentially.

Kelly Moan

1:58:44

So in the particular case of move it.

1:58:47

We actually worked incredibly quickly in comparison to others that were more broadly, but also in comparison to others that were impacted.

1:58:57

If you take a look at what's in the public domain about other entities that were impacted and associated time frames.

1:59:04

We are on the faster side, and in particular, the investigation at sell from initial disclosure of vulnerability to identification of files being unauthorized una unauthorized access to 19,000 unique files Mhmm.

1:59:22

Was quite quick.

1:59:25

From the cybersecurity perspective.

1:59:27

And that's what we endeavor to do each and every time.

1:59:30

A sense of urgency is incredibly critical to making sure that we can affect notification.

1:59:36

Should it be relevant as soon as possible?

1:59:39

The actual will act.

1:59:40

And again, I'm not sure how much folks know about how the sauces need from a analysis this perspective, but the analysis to determine if a data element was impacted is quite complex and making sure that we had the totality of data that was impacted and tying that back to individuals was a paramount consideration for for the city, making sure that we were full and all encompassing, and that meant multiple layers of reviews and assessment with our e discovery firm.

2:00:19

And when I say we, I mean DOE and and New York City Cyber Command in addition to the private teams as well.

← Previous Chapter

What was the timeline for notifying the Office of Technology and Innovation (OTI) about the data breach vulnerability?

Next Chapter →

What was the nature of the incident involving the New York City law department and how would it be classified?