BILL ANALYSIS
-----------------------------------------------------------------
|SENATE RULES COMMITTEE | AB 2200|
|Office of Senate Floor Analyses | |
|1020 N Street, Suite 524 | |
|(916) 651-1520 Fax: (916) | |
|327-4478 | |
-----------------------------------------------------------------
THIRD READING
Bill No: AB 2200
Author: John A. Pérez (D)
Amended: 8/22/14 in Senate
Vote: 21
SENATE GOVERNMENTAL ORGANIZATION COMMITTEE : 8-1, 6/24/14
AYES: Correa, Cannella, De León, Galgiani, Hernandez, Lieu,
Padilla, Torres
NOES: Vidak
NO VOTE RECORDED: Berryhill, Vacancy
SENATE APPROPRIATIONS COMMITTEE : 5-0, 8/14/14
AYES: De León, Hill, Lara, Padilla, Steinberg
NO VOTE RECORDED: Walters, Gaines
ASSEMBLY FLOOR : 74-3, 5/28/14 - See last page for vote
SUBJECT : California Cyber Security Steering Committee
SOURCE : Author
DIGEST : This bill creates a 13-member California Cyber
Security Steering Committee (Committee) in the Governor's Office
of Emergency Services (OES); continues in existence the
California Cyber Security Task Force (Task Force); and requires
the Committee to seek to implement the policy recommendations of
the Task Force based on specified priorities. Sunsets the
provisions of this bill on January 1, 2020.
Senate Floor Amendments of 8/22/14 substitute the creation of a
Committee instead of a California Cyber Security Commission, and
continue in existence the Task Force.
ANALYSIS :
Existing law:
1. Establishes the Department of Technology (DOT) within the
Government Operations Agency, responsible for establishing
and enforcing state information technology strategic plans,
policies, standards, and enterprise architecture. The
Director of DOT is the State Chief Information Officer, and
is responsible for enhancing the security, reliability, and
quality of information technology networks, services, and
systems.
2. Requires each state agency to have a chief information
officer who is appointed by the head of the state entity, and
is responsible for supervising all information technology,
including information security.
3. Establishes the Office of Information Security (OIS), within
DOT, which is responsible for ensuring the confidentiality,
integrity, and availability of state systems and
applications. Requires the OIS to develop an information
security program and establish policies, standards, and
procedures directing state agencies to effectively manage
security and risk.
4. Establishes OES to provide critical infrastructure protection
and related emergency response.
This bill:
1. Makes various legislative findings and declarations relative
to the state's growing dependence on technology which has
made it increasingly vulnerable technically, legally, and
financially to both foreign and domestic cybersecurity
attacks and that for the purposes of public safety and
protection of public assets, the state has a role in
coordinating and improving its overall security and response
capabilities.
2. Continues in existence the Task Force, created in OES and
DOT.
3. Requires OES and DOT to convene stakeholders, both public and
private, to act in an advisory capacity and compile policy
recommendations on cyber security for the state. Requires
the Task Force to complete and issue a report of policy
recommendations to the Governor's Office and Legislature.
4. Requires the Task Force to meet at least quarterly within
existing resources to ensure the policy recommendations from
the report are implemented and any necessary modifications
which may arise are addressed in a timely manner.
5. Requires OES and DOT to collaborate with the Committee to
help streamline implementation of policy recommendations set
forth in the Task Force's report. Also, requires that this
collaboration be guided by specific priorities as described
in this bill.
6. Authorizes OES and DOT to conduct the strategic direction of
risk assessments performed by the Military Department's
Computer Network Defense Team as budgeted in the Budget Act
of 2014.
7. Creates the Committee within OES consisting of 13 members, as
specified. Stipulates that members of the Committee will
meet at least quarterly and serve without compensation,
except that members will be entitled to receive actual and
necessary travel expenses while on official business of the
Committee. Provides that representatives appointed by the
Governor, Speaker of the Assembly, or Senate Rules Committee
shall serve a two-year term; any designee shall serve at the
pleasure of the official who designated them; and provides
that eight members will constitute a quorum.
8. Requires the Committee to seek to implement the policy
recommendation of the Task Force based on the following
priorities:
A. Developing cyber prevention, defense, and response
strategies and defining a hierarchy of command within
the state.
B. Partnering with the United States Department of
Homeland Security to develop an appropriate information
sharing system to effectively disseminate cyber threat
and response information and data to relevant private
and public sector entities.
C. Providing recommendations for information technology
security standards.
D. Compiling and integrating the research conducted by
academic institutions, federal laboratories, and other
cybersecurity experts.
E. Expanding the state's public-private cybersecurity
partnership network both domestically and
internationally.
F. Developing and providing training programs with the
state's higher education and labor entities to produce a
credentialed and qualified state cybersecurity
taskforce.
G. Expanding collaboration with the state's law
enforcement apparatus.
H. Proposing potential operational or functional
enhancement, as well as investment or spending
recommendation and guidance.
I. Coordinating the pursuit of fiscal resources to
enhance the state's cybersecurity, information
technology, data privacy, cyber research, and
technology-based emergency response capabilities.
9. Authorizes the Task Force to issue reports to the Governor
and the Legislature detailing the activities of the Task
Force, including, but not limited to, progress on the Task
Force's tasks and actions taken and recommended in response
to an incident, as appropriate.
10. Requires the Task Force to engage or accept (a) the services
of agency or department personnel, (b) the services of
stakeholder organizations, and (c) federal, private, or other
nonstate funding, to operate, manage, or conduct the business
of the Task Force.
11. Requires the Task Force to operate within the current
information technology budget of each department and agency
they serve.
12. Requires each department and agency to cooperate with the
commission and furnish it with information and assistance
necessary or useful to further the purposes of this bill.
13. Contains a January 1, 2020 sunset provision.
Background
The OIS is the primary state office charged with protecting
state information and ensuring confidentiality, integrity, and
availability of state systems and applications. In short, OIS
is responsible, along with other agencies, for ensuring the
state's cybersecurity. However, various other programs and
agencies have roles related to managing the state's
cybersecurity.
In May 2013, the Governor's Office convened the Task Force to
assess departmental technology systems and assemble key
stakeholders to discuss cybersecurity issues. The state has
made a number of cybersecurity investments, including: funding
research at Lawrence Livermore Laboratories and augmenting the
cybersecurity unit within the California National Guard. In
addition, numerous academic and private sector organizations are
working on the issue of cybersecurity.
FISCAL EFFECT : Appropriation: No Fiscal Com.: Yes
Local: No
Unknown with latest amendments.
SUPPORT : (Verified 8/25/14)
Bay Area Council
League of California Cities
Risk and Insurance Management Society
San Diego Regional Economic Development Corporation
SMUD
OPPOSITION : (Verified 8/25/14)
Office of the San Diego County District Attorney
ARGUMENTS IN SUPPORT : The League of California Cities writes
that this bill places cybersecurity on more solid footing, with
enhanced visibility and importance within the state policymaking
arena. This is an issue of rapidly increasing importance that
not only affects the financial data of businesses and personal
data of private individuals, but has national security
implications - as evidenced by the fact that the U.S. Defense
Department has taken a leading role, in part due to concerns
about potential cyber-attacks launched by other nations. Closer
to home, California municipalities, to the degree they are
digitizing their financial and other data and engaging in
electronic transactions, are also at risk, so this is and will
remain a critical issue for many of our larger cities.
ARGUMENTS IN OPPOSITION : The Office of the San Diego County
District Attorney writes, "we believe this proposal is misguided
and will have a deleterious effect on the work that is currently
being done in this region served by our Computer and Technology
Crime High-Tech Response Team (CATCH). For the past several
years, the legislature has decreased our funding, leading to
budget uncertainty that jeopardized the very existence of these
critical teams. The state even disbanded the Advanced Training
Division (ATC), which provided critical training for these task
forces. Incredibly, despite the state's damaging actions over
the past several years, our task force has increased
investigations and prosecutions. Now, AB 2200 seeks to deliver
what can only be described as a life-threatening blow to the very
law enforcement groups who are the most knowledgeable about one
of the fastest growing and economically threatening criminal
trends in our communities."
ASSEMBLY FLOOR : 74-3, 5/28/14
AYES: Achadjian, Alejo, Allen, Ammiano, Bigelow, Bloom,
Bocanegra, Bonilla, Bonta, Bradford, Brown, Buchanan, Ian
Calderon, Campos, Chau, Chesbro, Conway, Cooley, Dababneh,
Dahle, Daly, Dickinson, Eggman, Fong, Fox, Garcia, Gatto,
Gomez, Gonzalez, Gordon, Gorell, Gray, Grove, Hagman, Hall,
Harkey, Roger Hernández, Holden, Jones, Jones-Sawyer, Levine,
Linder, Logue, Lowenthal, Maienschein, Medina, Melendez,
Mullin, Muratsuchi, Nazarian, Nestande, Olsen, Pan, Patterson,
Perea, John A. Pérez, V. Manuel Pérez, Quirk, Quirk-Silva,
Rendon, Ridley-Thomas, Rodriguez, Salas, Skinner, Stone, Ting,
Wagner, Waldron, Weber, Wieckowski, Wilk, Williams, Yamada,
Atkins
NOES: Donnelly, Beth Gaines, Mansoor
NO VOTE RECORDED: Chávez, Frazier, Vacancy
MW:d 8/25/14 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
**** END ****