Global cyber incidents like NotPetya and WannaCry and recent ransomware incidents in US cities illustrate the range of impacts a city, like New York, could experience. WannaCry crippled computers in hospitals across the UK preventing doctors from access patient health records and causing surgeries to be suspended. NotPetya brought major corporations and business, such as the global logistics company Maersk, to a standstill. In Baltimore, residents and businesses where unable to access important city services for days and weeks. The city had to develop interim, alternative processes for some services as they worked to restore their technology infrastructure and assets.
New York is a center of cybersecurity and technology talent. Across a diverse range of sectors, from energy and transportation to finance and healthcare, there are professionals who routinely protect their employers and customers from cyber-attacks, and skillfully mitigate the damage when an incident does occur. The aim of this Capstone project is to understand how New York City government can form partnerships with the private and non-profit sectors to tap into and best leverage these cyber and technology professionals during and after a significant cyber incident. The Capstone team will address the following questions:
- What would a coordinated, formal response mechanism by volunteer cyber professional in the event of a significant cyber incident look like?
- What frameworks and models can guide the establishment of this capability?
- How can its maturity be measured?
- What lessons can be taken from recent non-cyber emergencies and disasters, both domestically and internationally, to inform its design?