BILL ANALYSIS                                                                                                                                                                                                    



                                                                    AB 1172


                                                                    Page  1





          Date of Hearing:  May 13, 2015


                        ASSEMBLY COMMITTEE ON APPROPRIATIONS


                                 Jimmy Gomez, Chair


          AB 1172 (Chau) - As Introduced February 27, 2015


           ----------------------------------------------------------------- 
          |Policy       |Privacy and Consumer           |Vote:|11 - 0       |
          |Committee:   |Protection                     |     |             |
           ----------------------------------------------------------------- 


          Urgency:  No  State Mandated Local Program:  No  Reimbursable:  No


          SUMMARY:


          This bill establishes in statute, until January 1, 2020, a  
          California Cyber Security Task Force that was established in  
          2013 by the Office of Emergency Services (OES) and the  
          California Department of Technology (CalTech). Specifically,  
          this bill:


          1)Specifies the task force membership, which is to include the  
            heads of relevant state agencies and cybersecurity experts.


          2)Authorizes the task force to convene public and private  
            stakeholders to act in an advisory capacity and compile policy  
            recommendations on cyber security for the State, and to  
            complete and issue an annual report of policy recommendations  
            to the Governor and the Legislature.


          3)Requires the Task Force to meet quarterly, or more often as  
            necessitated by emergency circumstances, to ensure that the  
            policy recommendations from the report are implemented and any  
            necessary modifications that may arise are addressed in a  
            timely manner. 


          4)Establishes within OES the position of State Director of Cyber  
            Security, to serve as the executive director of the task  
            force, provide strategic direction for risk assessments  
            performed with state resources, complete a risk profile of  
            state assets and capabilities for the purpose of compiling  
            statewide contingency plans, and act as a point of contact to  
            the federal government and private entities within the state  
            in the event of a declared emergency.


          5)Requires the task force to perform numerous specified  
            functions, including:


             a)   Developing cyber prevention, defense, and response  
               strategies and defining a hierarchy of command within the  
               state for this purpose.


             b)   Compiling and integrating research conducted by academic  
               institutions, federal laboratories, and other cyber  
               security experts into state operations and functions.


             c)   Expanding collaboration with the state's law enforcement  
               apparatus assigned jurisdiction to prevent, deter,  
               investigate, and prosecute cyber-attacks and IT crime.


             d)   Proposing potential operational or functional  
               enhancements to the state's cyber security assessment and  
               response capabilities, as well as investment or spending  
               recommendations and guidance for the state's IT budget and  
               procurement.


          FISCAL EFFECT:


          Given the numerous functions and responsibilities of the task  
          force, there would be a need for two analysts, in addition to the  
          executive director, at an ongoing GF cost of around $500,000.


          To the extent the result of the task force's work minimizes the  
          state's exposure from cyber attacks and related technology  
          security issues, the state will avoid the costs of such  
          disruptions, which could otherwise be significant.


          COMMENTS:


          1)Purpose. This bill is intended to set forth in statute a  
            formal structure and responsibilities for the Task Force,  
            which is currently functioning as an ad hoc advisory body  
            under OES. OES and CalTech, acting at the direction of  
            Governor Brown, created the Task Force to be "a statewide  
            partnership comprised of key stakeholders, subject matter  
            experts, [federal agencies], and cyber security professionals  
            from California's public sector, private industry, academia,  
            and law enforcement."


          2)Related Legislation. AB 670 (Irwin), pending in this  
            committee, requires CalTech to conduct security assessments of  
            the IT resources of every state agency, department or office  
            at least once every two years.


          Analysis Prepared by: Chuck Nicol / APPR. / (916) 319-2081