BILL ANALYSIS �Ó
AB 1172
Page 1
ASSEMBLY THIRD READING
AB
1172 (Chau)
As Introduced February 27, 2015
Majority vote
-------------------------------------------------------------------
|Committee |Votes |Ayes |Noes |
| | | | |
| | | | |
|----------------+------+--------------------+----------------------|
|Privacy |11-0 |Gatto, Wilk, Baker, | |
| | |Calderon, Chang, | |
| | |Chau, Cooper, | |
| | |Dababneh, Dahle, | |
| | |Gordon, Low | |
| | | | |
|----------------+------+--------------------+----------------------|
|Appropriations |17-0 |Gomez, Bigelow, | |
| | |Bonta, Calderon, | |
| | |Chang, Daly, | |
| | |Eggman, Gallagher, | |
| | | | |
| | | | |
| | |Eduardo Garcia, | |
| | |Gordon, Holden, | |
| | |Jones, Quirk, | |
| | |Rendon, Wagner, | |
| | |Weber, Wood | |
| | | | |
| | | | |
-------------------------------------------------------------------
�
AB 1172
Page 2
SUMMARY: Creates a California Cyber Security Task Force (Task
Force) within the Governor's Office of Emergency Services (OES) to
act in an advisory capacity and make policy recommendations on
cyber security for the State of California. Specifically, this
bill:
1)Codifies the existence of the Task Force within OES.
2)Specifies the nine members of the Task Force.
3)Authorizes the Task Force to convene public and private
stakeholders to act in an advisory capacity and compile policy
recommendations on cyber security for the State of California.
4)Requires the Task Force to complete and issue a report of policy
recommendations to the Governor's office and the Legislature on
an annual basis, as specified.
5)Requires the Task Force to meet quarterly, or more often as
necessitated by emergency circumstances, to ensure that the
policy recommendations from the report are implemented and any
necessary modifications that may arise are addressed in a timely
manner.
6)Authorizes OES and California Institute of Technology (CalTech)
to conduct the strategic direction of risk assessments performed
by the Military Department's Computer Network Defense Team.
7)Creates within OES the position of a State Director of Cyber
Security.
�
AB 1172
Page 3
8)Requires the Task Force to perform certain functions, as
specified.
1)Requires the Task Force to take all necessary steps to protect
personal information and privacy, public and private sector
data, and the constitutional rights and liberties of
individuals, when implementing its duties.
2)Authorizes the Task Force to issue reports to the Governor's
office and the Legislature detailing the Task Force's
activities.
9)Authorizes the Task Force to engage or accept the services of
agency or department personnel, accept the services of
stakeholder organizations, and accept federal, private, or other
non-state funding, to operate, manage, or conduct the business
of the Task Force.
3)Requires each state department and agency to cooperate with the
Task Force and furnish it with information and assistance that
is necessary or useful.
10)Declares the provisions enacted by this bill to be inoperative
and repealed as of January 1, 2020.
FISCAL EFFECT: According to the Assembly Appropriations
Committee, given the numerous functions and responsibilities of
the task force, there would be need for two analysts, in addition
to the executive director, at an ongoing General Fund cost of
around $500,000.
�
AB 1172
Page 4
To the extent the result of the task force's work minimizes the
state's exposure from cyber attacks and related technology
security issues, the state will avoid the costs of such
disruptions, which could otherwise be significant.
COMMENTS:
1)Purpose of this bill. This bill is intended to set forth in
statute a formal structure and responsibilities for the Task
Force, which is currently functioning as an ad hoc advisory body
under OES. This bill is author-sponsored.
2)The work of the existing Task Force. OES and CalTech, acting at
the direction of Governor Brown, created the Task Force to be "a
statewide partnership comprised of key stakeholders, subject
matter experts, [federal agencies], and cyber security
professionals from California's public sector, private industry,
academia, and law enforcement. The Task Force serves as an
advisory body to the State of California Senior Administration
Officials in matters related to Cybersecurity." The Task Force
holds public meetings once per quarter. Its express mission is
to "enhance the security of California digital infrastructure
and to create a culture of cybersecurity through collaboration,
information sharing, and education and awareness."
The Task Force operates as an advisory body only - it has no
formal authority, it takes no votes, it has no budget, and its
membership is open and voluntary. It is currently comprised of
seven subcommittees: risk mitigation; information sharing;
workforce development and education; economic development;
emergency preparedness; legislation and funding; and high tech
and digital forensics.
�
AB 1172
Page 5
Analysis Prepared by:
Hank Dempsey / P. & C.P. / (916) 319-2200 FN:
0000629