BILL ANALYSIS

AB 1172
Page 1

Date of Hearing: May 13, 2015

ASSEMBLY COMMITTEE ON APPROPRIATIONS
Jimmy Gomez, Chair

AB 1172 (Chau) - As Introduced February 27, 2015

-----------------------------------------------------------------
|Policy Committee: |Privacy and Consumer Protection |Vote: |11 - 0 |
-----------------------------------------------------------------

Urgency: No
State Mandated Local Program: No
Reimbursable: No

SUMMARY:

This bill establishes in statute, until January 1, 2020, a California Cyber Security Task Force that was established in 2013 by the Office of Emergency Services (OES) and the California Department of Technology (CalTech). Specifically, this bill:

1) Specifies the task force membership, which is to include the heads of relevant state agencies and cybersecurity experts.

2) Authorizes the task force to convene public and private stakeholders to act in an advisory capacity and compile policy recommendations on cyber security for the State, and to complete and issue an annual report of policy recommendations to the Governor and the Legislature.

3) Requires the Task Force to meet quarterly, or more often as necessitated by emergency circumstances, to ensure that the policy recommendations from the report are implemented and any necessary modifications that may arise are addressed in a timely manner.

4) Establishes within OES the position of State Director of Cyber Security, to serve as the executive director of the task force, provide strategic direction for risk assessments performed with state resources, complete a risk profile of state assets and capabilities for the purpose of compiling statewide contingency plans, and act as a point of contact to the federal government and private entities within the state in the event of a declared emergency.

5) Requires the task force to perform numerous specified functions, including:

   a) Developing cyber prevention, defense, and response strategies and defining a hierarchy of command within the state for this purpose.

   b) Compiling and integrating research conducted by academic institutions, federal laboratories, and other cyber security experts into state operations and functions.

   c) Expanding collaboration with the state's law enforcement apparatus assigned jurisdiction to prevent, deter, investigate, and prosecute cyber-attacks and IT crime.

   d) Proposing potential operational or functional enhancements to the state's cyber security assessment and response capabilities, as well as investment or spending recommendations and guidance for the state's IT budget and procurement.

FISCAL EFFECT:

Given the numerous functions and responsibilities of the task force, there would be a need for two analysts, in addition to the executive director, at an ongoing GF cost of around $500,000. To the extent the result of the task force's work minimizes the state's exposure from cyber attacks and related technology security issues, the state will avoid the costs of such disruptions, which could otherwise be significant.

COMMENTS:

1) Purpose. This bill is intended to set forth in statute a formal structure and responsibilities for the Task Force, which is currently functioning as an ad hoc advisory body under OES.
OES and CalTech, acting at the direction of Governor Brown, created the Task Force to be "a statewide partnership comprised of key stakeholders, subject matter experts, [federal agencies], and cyber security professionals from California's public sector, private industry, academia, and law enforcement."

2) Related Legislation. AB 670 (Irwin), pending in this committee, requires CalTech to conduct security assessments of the IT resources of every state agency, department or office at least once every two years.

Analysis Prepared by: Chuck Nicol / APPR. / (916) 319-2081