New York State Assemblywoman Jenifer Rajkumar has announced that her cybersecurity legislation, A2237, has been signed into law following unanimous passage. The new law aims to protect New Yorkers from cyberattacks and prevent sensitive data from falling into the wrong hands.

In a statement, the Assemblywoman said the legislation prohibits New York State and all municipalities from purchasing “technology from certain international companies whose products threaten national security.” She explained that these manufacturers maintain close ties to foreign governments that legally require them to share data or cooperate with intelligence gathering, creating significant risks of cyberattacks and espionage by hostile actors.

“This international tech—including computers, webcams, drones, and semiconductors resident in other companies’ products—has been exposed as a dangerous liability capable of silently transmitting sensitive data or allowing hackers to take control remotely,” the statement said.

The statement also cited a Pentagon report confirming that the use of such technology compromises national security. According to the report, “adversaries could exploit known cybersecurity vulnerabilities that exist.” Many of these products are already banned from federal procurement due to the severity of the risks involved.

The statement warned that New York State and local governments collectively spend hundreds of millions of dollars on this insecure technology. Among the largest users is New York City Public Schools, which experiences an average of one data security incident per year and holds contracts totaling $330 million for computers identified as having hidden spyware, malware, exploitable vulnerabilities, and “backdoors” that allow devices to be controlled remotely.

“Another user is the Legislative Bill Drafting Commission in Albany, which in 2024 experienced a cyberattack that stole payroll data and shut down the bill drafting system the very week annual budget bills were being finalized,” the statement added. “Alarmingly, New York State Troopers and the NYPD have used imported drones determined with high confidence to send data to their home country’s government for strategic decision-making.”

Assemblywoman Rajkumar built support for the bill over a two-year period. With its enactment, millions of New Yorkers are expected to gain expanded protection from malicious cyber actors. The legislation ensures that taxpayer funds will no longer be used to purchase vulnerable technology, aiming to prevent debilitating cyberattacks, safeguard sensitive information, and curb cyberespionage.

“I am committed to keeping New Yorkers safe, and that includes cybersafety,” Assemblywoman Rajkumar said. “When you decide to purchase tech, you might ask, ‘Does it work well? Is this a good price?’ Likely you do not ask, ‘Is this going to send my data to another country’s government?’”

“My bill guarantees that every procurement officer in New York asks this crucial question,” she added. She noted that procurement decisions affecting power plants, public transit systems, and data servers play a decisive role in determining whether hackers have access to critical systems. She also emphasized that the legislation uses billions of dollars in public purchasing power to keep high-risk technology out of the state while supporting domestic semiconductor manufacturing.

The law’s prohibition on certain imported semiconductors is also expected to strengthen New York’s rapidly growing semiconductor industry, which has attracted $124 billion in investment since 2022. A major pillar of that growth is the Micron Technology semiconductor fabrication facility under development in Clay, New York. The $100 billion project, described as the largest private investment in U.S. history, is expected to create approximately 50,000 jobs.

Cybersecurity and defense experts expressed strong support for the legislation, describing it as a critical measure to protect public systems and infrastructure.

Michael Lucci, chairman and CEO of State Armor, said, “Assemblywoman Rajkumar’s new legislation is an essential step to protect New York’s government systems along with the critical infrastructure of America’s most important City. Federal authorities have flagged certain international technologies, in particular those produced by adversary nations, for having undisclosed backdoors and malicious functionalities that put New York’s cyberinfrastructure at risk.”

Timothy A. Cook, former Executive Director of the Center for Procurement Advocacy, said, “In this season of giving gifts, Assemblywoman Jenifer Rajkumar is giving millions of New Yorkers the gift of cybersecurity. Defending cyberinfrastructure is now as critical as defending physical infrastructure, and the Assemblywoman is bringing her leadership to end procurement of tech creating gaping holes in our security.”

Cook added that after studying state legislation on safe technology procurement nationwide, he has not encountered a bill as comprehensive as this one.

“It even addresses the supply chain risk of unsafe components embedded in other companies’ tech. Her bill serves as a Nation-leading example that all States should emulate, showing how leaders at every level of government can fortify our cybersafety,” he said.

Related posts:

Several Elected Leaders Endorse Rajkumar in Her Primary Race for NYC Public Advocate New York Assemblywoman Rajkumar launches campaign for New York City Comptroller New York Assemblywoman Jenifer Rajkumar Appoints Jacob Gross as Chief of Staff New York Expands Job Access for Disabled Veterans as Governor Hochul Signs Assemblywoman Rajkumar’s Bill