NY S00924

Establishes a New York State Cyber Security Advisory Board within the Division of Homeland Security and Emergency Services with eleven members appointed by the governor, three recommended by the Senate Temporary President, and three by the Assembly Speaker, requiring expertise in cyber security, telecommunications, and computer systems.

Requires the Division of Homeland Security and Emergency Services to establish a voluntary cyber security information sharing and analysis program within sixty days to increase sharing of cyber threat information between public and private sector entities.

Mandates development of a cyber security framework with standards, methodologies, and procedures to help critical infrastructure owners and operators identify, assess, and manage cyber risks, incorporating voluntary consensus standards and industry best practices.

Requires submission of a report within 120 days on New York State's critical infrastructure cyber security risks, identifying infrastructure where cyber incidents could cause catastrophic regional or statewide effects on public health, safety, or economy.

Directs the Division of Homeland Security and Emergency Services to promulgate regulations establishing liability protections for entities sharing information in good faith, procedures for rapid dissemination of unclassified cyber threat reports, and an enhanced cyber security services program for critical infrastructure companies.