State Report: NY Creates Nation's First Regulatory Cybersecurity Division

With the constant progression of technology, Lacewell said the division was a must for the agency.

“As technology changes the financial services industry, regulation must evolve, and DFS is evolving to meet the challenges and opportunities of the new landscape, to protect consumers, safeguard the industry, and encourage innovation,” Lacewell said.

The division will be led by Justin Herring, currently chief of the cyber crimes unit of the U.S. Attorney's Office of New Jersey. Herring oversees cases in New Jersey's federal court involving national security threats, malware, major hacks targeting corporations, and other situations involving cyber crime.

“I look forward to bringing my expertise to DFS to lead this new division to combat the growing problem of cybercrime, protect New Yorkers and their sensitive information from attacks, and ensure that DFS continues to be a leader in cybersecurity,” Herring said.

Herring was previously a member of the U.S. Attorney's Economic Crimes Unit, where he prosecuted and supervised white-collar cases involving insider trading, investment fraud, and other matters similar to the work that DFS does in New York. He also has experience litigating cases involving digital currency, which DFS regulates.

One such case that he prosecuted as a member of the unit involved a Ukrainian man who was convicted of hacking into business newswires and stealing nonpublic financial information. The hacker sold that information for approximately $30 million in illegal profits and was sentenced to more than two years in prison.

Herring will now serve as executive deputy superintendent of the newly created division, which will work with the consumer protection and financial enforcement division to conduct cyber-related investigations, issue regulatory guidance, offer counsel, and enforce the agency's cybersecurity regulations.

The division will also send trends and threat information to the state's financial institutions about cyberattacks to help the industry prevent future breaches.

“Increasingly today, counterterrorism is about cybersecurity, our biggest threat and our biggest challenge, and Justin's extraordinary background as a prosecutor and cyber and economic crimes expert positions him well to lead this new division, bringing together DFS's longstanding leadership in cybersecurity and cyber policy,” Lacewell said.

Herring was previously a federal prosecutor in Maryland, where he was a member of the major crimes unit. He started there in 2010 and moved over to New Jersey in 2014.

Before entering public service, Herring was an associate at Gibson, Dunn & Crutcher in Washington, DC, for five years after clerking for Senior Circuit Judge Danny Boggs of the U.S. Court of Appeals for Sixth Circuit. He's a graduate of the University of Chicago Law School.

*****

Dan M. Clark is the Albany reporter for the New York Law Journal, an ALM sibling of Cybersecurity Law & Strategy. He can be reached at [email protected].