NY DFS creates cybersecurity division, naming federal prosecutor as head
With the constant progression of technology, Lacewell said the division was a must for the agency.
New York’s financial regulatory agency has created a first-in-the-nation cybersecurity division to place special focus on protecting the state’s consumers and industries from digital threats, the regulator announced on Wednesday.
Acting Superintendent Linda Lacewell of the state Department of Financial Services said the division is the first of its kind to be established by a banking or insurance regulator.
The move comes more than two years after the agency promulgated the country’s first wide-reaching cybersecurity regulations to protect the state’s financial services industry and consumers from digital vulnerabilities.
With the constant progression of technology, Lacewell said the division was a must for the agency.
“As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation,” Lacewell said.
The division will be led by Justin Herring, currently chief of the cybercrimes unit of the U.S. Attorney’s Office of New Jersey. Herring oversees cases in New Jersey’s federal court involving national security threats, malware, major hacks targeting corporations, and other situations involving cybercrime.
“I look forward to bringing my expertise to DFS to lead this new division to combat the growing problem of cybercrime, protect New Yorkers and their sensitive information from attacks, and ensure that DFS continues to be a leader in cybersecurity,” Herring said.
Related: NY State regulators sue federal agency over fintech charters
Past experience
Herring was previously a member of the U.S. Attorney’s Economic Crimes Unit, where he prosecuted and supervised white-collar cases involving insider trading, investment fraud, and other matters similar to the work that DFS does in New York. He also has experience litigating cases involving digital currency, which DFS regulates.
One such case that he prosecuted as a member of the unit involved a Ukrainian man who was convicted of hacking into business newswires and stealing nonpublic financial information. The hacker sold that information for approximately $30 million in illegal profits and was sentenced to more than two years in prison.
Herring will now serve as executive deputy superintendent of the newly created division, which will work with the consumer protection and financial enforcement division to conduct cyber-related investigations, issue regulatory guidance, offer counsel, and enforce the agency’s cybersecurity regulations.
The division will also send trends and threat information to the state’s financial institutions about cyberattacks to help the industry prevent future breaches.
“Increasingly today, counterterrorism is about cybersecurity, our biggest threat and our biggest challenge, and Justin’s extraordinary background as a prosecutor and cyber and economic crimes expert positions him well to lead this new division, bringing together DFS’s longstanding leadership in cybersecurity and cyber policy,” Lacewell said.
Herring was previously a federal prosecutor in Maryland, where he was a member of the major crimes unit. He started there in 2010 and moved over to New Jersey in 2014.
Before entering public service, Herring was an associate at Gibson, Dunn & Crutcher in Washington, D.C., for five years after clerking for Senior Circuit Judge Danny Boggs of the U.S. Court of Appeals for Sixth Circuit. He’s a graduate of the University of Chicago Law School.
Related: The risks and rewards of cybersecurity
This article first appeared on Law.com, a sister publication of PropertyCasualty360.