BILL ANALYSIS �Ó
AB 2200
Page 1
ASSEMBLY THIRD READING
AB 2200 (John A. Pérez)
As Amended May 23, 2014
Majority vote
ADMINISTRATIVE REVIEW 13-0
APPROPRIATIONS 16-1
-----------------------------------------------------------------
|Ayes:|Frazier, Achadjian, |Ayes:|Gatto, Bigelow, |
| |Buchanan, | |Bocanegra, Bradford, Ian |
| |Ian Calderon, Cooley, | |Calderon, Campos, Eggman, |
| |Gorell, Hagman, | |Gomez, Holden, Jones, |
| |Lowenthal, Medina, Olsen, | |Linder, Pan, Quirk, |
| |Quirk-Silva, Salas, | |Ridley-Thomas, Wagner, |
| |Wagner | |Weber |
| | | | |
|-----+--------------------------+-----+--------------------------|
| | |Nays:|Donnelly |
| | | | |
-----------------------------------------------------------------
SUMMARY : Creates the California Cyber Security Commission
(CCSC) within the California Department of Technology (DOT).
Specifically, this bill :
1)Establishes the CCSC within the DOT and specifies the
composition of the membership.
2)Charges the CCSC with improving the state's cyber security and
cyber response capabilities.
3)Authorizes the CCSC to appoint specified representatives to
form an advisory board in order to receive input or advice
concerning the implementation of the CCSC's duties.
4)Specifies that a quorum of the CCSC constitutes nine members
and sets other administrative requirements.
5)Requires the CCSC to issue quarterly reports to the Governor
and Legislature that detail the cyber security status and
progress of the state.
6)Sunsets the CCSC on January 1, 2019.
�
AB 2200
Page 2
7)Makes a number of legislative findings and declarations about
the importance of effective cyber security.
FISCAL EFFECT : According to the Assembly Appropriations
Committee, unknown, one-time costs to create the CCSC and
on-going costs in the range of $500,000 to $1 million (General
Fund) to staff the CCSC assuming between four and seven
positions.
COMMENTS : The Office of Information Security (OIS), within the
DOT, is the primary state office charged with protecting state
information and ensuring confidentiality, integrity, and
availability of state systems and applications. In short, the
OIS is responsible, along with other agencies, for ensuring the
state's cyber security. However, various other programs and
agencies have roles related to managing the state's cyber
security.
This bill creates the CCSC within the DOT to focus on improving
the state's cyber security and cyber response capabilities.
Members, consisting of various state agency department leaders
as well as representatives from private sector industries and
other interests such as air traffic control, ports, and water
systems, would share information to enable state government to
protect and secure important information, data, intellectual
property, financial networks, and critical infrastructure.
According to the author, this bill "would advance the state's
overall cyber security assessment, preparedness, and response
systems; promote cyber security information sharing and the use
of best practices among the private and public sectors; and
identify funding and research opportunities." The author
explains that different elements of the state's cyber security
are fragmented and the CCSC would help the state form a
coordinated strategy.
This bill requires the CCSC to issue quarterly reports to the
Governor's Office and Legislature about the cyber security
status and progress of the state. The report would include
recommendations to improve the state's cyber security.
The CCSC would be required to meet quarterly, or more often as
determined by a majority vote of a quorum of members, or in the
�
AB 2200
Page 3
event of an emergency. This bill provides that nine members
would constitute a quorum and requires members to serve without
compensation other than actual necessary travel expenses.
The CCSC would sunset on January 1, 2019.
Analysis Prepared by : Scott Herbstman / A. & A.R. / (916)
319-3600
FN: 0003817